Ordinypt Wiper Description
In the past decade, cybercriminals have used cyber threats almost exclusively to generate profit for themselves – they use malware that can extort the victim for money, collect their financial details, gather cryptocurrency wallets, or even harvest the computer’s power to mine various cryptocurrencies. However, it appears that there are still groups of hackers who opt to rely on malware that is purely destructive – this is exactly the case with Ordinypt Wiper, a piece of malware capable of damaging a large number of files in a matter of minutes. Attacks with the Ordinypt Wiper target German users and companies exclusively, and its authors still attempt to make some money despite being unable to help their victims at all.
German Users are Again the Targets of a Data Wiper
The first reports from victims of the Ordinypt Wiper were published online on September 11, 2019, but this is certainly not the first time that malware researchers have encountered this threat. It also goes by the name ‘HSDFSDCrypt Ransomware,’ and it was first used in 2017. The campaign back then also targeted German systems exclusively. Currently, the Ordinypt Wiper is being spread via fake job application emails that claim to contain the CV of ‘Eva Richter.’ However, instead of a legitimate file, the recipients download a disguised ‘.exe’ file that carries the Ordinypt Wiper’s payload.
Once the wiper is initialized, it immediately begins to carry out the tasks necessary to damage the victim’s files and leave them with as few recovery options as possible. The Ordinypt Wiper will:
- Damage the contents of all targeted file types by overwriting them with random characters. This is not decryptable, and it cannot be reversed reliably. The only way to restore the file is to replace it with a backup copy.
- Rename all corrupted files by adding a random extension to the end of their name, just like ransomware does.
- Terminate particular processes that may prevent it from overwriting the contents of some files.
- Spare specific file types, directories, and files to ensure that the user’s operating system will continue to work after the attack.
- Disable System Restore, the Windows 10 Recovery Environment, and wipe out the Shadow Volume Copies.
- Create a ransom message that urges the user to pay – found in ‘[random extension]_how_to_decrypt.txt.’
It seems that the ransom fee is hardcoded, as several victims of the Ordinypt Wiper were asked to pay exactly 0.1473766 Bitcoins, or approximately $1,500. Of course, you should not pay a single cent to the authors of the Ordinypt Wiper since they are not able to help. The best thing to do is to use an anti-virus engine to remove all files associated with the Ordinypt Wiper, and then try to restore from a backup.
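Because the overwritten files can only be replaced from backup, responders first need a list of what was hit. The following is an added example, not code from this article or from any vendor: it walks a directory tree, finds notes named ‘[random extension]_how_to_decrypt.txt’ as described above, and lists the files carrying that same appended extension. It assumes the extension is alphanumeric; `scope_damage`, `build_sample_tree` and the sample file names are hypothetical and constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

# Note name per the article: '[random extension]_how_to_decrypt.txt'.
# Assumption: the extension is alphanumeric and may carry a leading dot.
NOTE_RE = re.compile(r"^\.?(?P<ext>[A-Za-z0-9]+)_how_to_decrypt\.txt$", re.IGNORECASE)


def scope_damage(root):
    """Return {extension: {"notes": [...], "files": [...]}} for one directory tree."""
    notes = defaultdict(list)
    all_files = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            m = NOTE_RE.match(name)
            if m:
                notes[m.group("ext").lower()].append(path)
            else:
                all_files.append(path)
    report = {}
    for ext, note_paths in notes.items():
        # Files renamed by the wiper end in ".<ext>" after their original name.
        hits = [p for p in all_files if p.lower().endswith("." + ext)]
        report[ext] = {"notes": sorted(note_paths), "files": sorted(hits)}
    return report


def build_sample_tree(root):
    """Constructed sample data: file names only, no real malware artefacts."""
    layout = {
        "docs/report.docx.a1B2c": b"x",
        "docs/a1B2c_how_to_decrypt.txt": b"note",
        "docs/untouched.pdf": b"x",
        "pics/photo.jpg.a1B2c": b"x",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for ext, found in scope_damage(tmp).items():
            print(f".{ext}: {len(found['notes'])} note(s), {len(found['files'])} file(s) to restore")
```

The returned file list, with the appended extension stripped, gives the original names to look up in the backup catalogue.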