Ordinypt Wiper

Ordinypt Wiper Description

In the past decade, cybercriminals have used cyber threats to generate profit for themselves almost exclusively – they use malware that can extort the victim for money, collect their financial details, gather cryptocurrency wallets, or even harvest the computer’s power to mine for various cryptocurrencies. However, it appears that there are still groups of hackers who opt to rely on malware that is purely destructive – this is the exact case with Ordinypt Wiper, a piece of malware capable of damaging a large number of files in a matter of minutes. Attacks with the Ordinypt Wiper are targeted to German users and companies exclusively, and its authors still attempt to make some money despite being unable to help their victims at all.

German Users are Again the Targets of a Data Wiper

The first reports from victims of the Ordinypt Wiper were published online on September 11, 2019, but this is not the initial time that malware researchers have encountered this threat certainly. It also goes by the name ‘HSDFSDCrypt Ransomware,’ and it was first used in 2017. The campaign back then also targeted German systems exclusively. Currently, the Ordinypt Wiper is being spread via fake job applications emails that claim to contain the CV of ‘Eva Richter.’ However, instead of a legitimate file, the recipients would be downloading a disguised ‘.exe’ file that carries the Ordinypt Wiper’s payload.

Once the wiper is initialized, it will begin to carry out the tasks necessary to damage the victim’s files and leave them with as few recovery options as possible immediately. The Ordinypt Wiper will:

  • Damage the contents of all targeted file types by overwriting them with random characters. This is not decryptable, and it cannot be reversed reliably. The only way to restore the file is to replace it with a backup copy.
  • Just like ransomware, the Ordinypt Wiper will rename all corrupted files by adding a random extension to the end of their name.
  • The Ordinypt Wiper can terminate particular processes that may prevent it from overwriting the contents of some files.
  • Spare specific file types, directories, and files to ensure that the user’s operating system will continue to work after the attack.
  • Disable System Restore, the Windows 10 Recovery Environment, and wipe out the Shadow Volume Copies.
  • Create a ransom message that urges the user to pay – found in ‘[random extension]_how_to_decrypt.txt.’

It seems that the ransom fee is hardcoded, as several victims of the Ordinypt Wiper were asked to pay exactly 0.1473766 Bitcoins or $1,500 approximately. Of course that you should not pay a single cent to the authors of the Ordinypt Wiper since they are not able to help. The best thing to do is to use an anti-virus engine to remove all files associated with the Ordinypt Wiper, and then try to restore from a backup.

Do You Suspect Your PC May Be Infected with Ordinypt Wiper & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Ordinypt Wiper as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.