Security Technology

GermanWiper Ransomware Hits Germany Hard, Destroys Files, Asks For Ransom (zdnet.com)

An anonymous reader quotes a report from ZDNet: For the past week, a new ransomware strain has been wreaking havoc across Germany. Named GermanWiper, this ransomware doesn't encrypt files but instead it rewrites their content with zeroes, permanently destroying users' data. As a result, any users who get infected by this ransomware should be aware that paying the ransom demand will not help them recover their files. Unless users had created offline backups of their data, their files are most likely gone for good. For now, the only good news is that this ransomware appears to be limited to spreading in German-speaking countries only, and with a focus on Germany primarily.

According to German security researcher Marius Genheimer and CERT-Bund, Germany's Computer Emergency Response Team, the GermanWiper ransomware is currently being distributed via malicious email spam (malspam) campaigns. These emails claim to be job applications from a person named "Lena Kretschmer." A CV is attached as a ZIP file to these emails, and contains a LNK shortcut file. The LNK file is booby-trapped and will install the GermanWiper ransomware. When users run this file, the ransomware will rewrite the content of various local files with the 0x00 (zero character), and append a new extension to all files. This extension has a format of five random alpha-numerical characters, such as .08kJA, .AVco3, .OQn1B, .rjzR8, etc. After it "encrypts" all targeted files, GermanWiper will open the ransom note (an HTML file) inside the user's default browser. The ransom note looks like the one below. A video of the infection process is also available here. Victims are given seven days to pay the ransom demand. It is important to remember that paying the ransom note won't help users recover their files.
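The report gives two artefacts a responder can check for on a suspect machine: file contents overwritten with 0x00 bytes, and an extra extension of five random alphanumeric characters appended on top of the original one. The triage helper below is an added example written for this story; it is not code from ZDNet, CERT-Bund or the researcher, and the sample files, the allowlist of legitimate five-character extensions and the directory layout are all constructed here so it runs offline. It flags a file when either indicator is present and reports both, so a zero-filled file that kept its name (or a renamed file that still has content) is still surfaced for a human to look at.

```python
"""Triage scan for the two GermanWiper indicators described in the report.

Added example, not from the article.  Walks a directory tree and reports files
that (a) carry a five-character alphanumeric extension appended after an
existing extension, and/or (b) consist entirely of 0x00 bytes.
"""
import os
import re
import tempfile
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Five alphanumeric characters appended as a new extension, as in the report's
# samples .08kJA, .AVco3, .OQn1B and .rjzR8 (e.g. "invoice.pdf.08kJA").
WIPER_EXT = re.compile(r"\.[A-Za-z0-9]{5}$")

# Constructed allowlist of legitimate extensions that happen to be five
# alphanumeric characters long; extend it for your own environment.
KNOWN_FIVE_CHAR_EXTS = {".jsonl", ".class", ".woff2", ".patch", ".proto"}


def has_wiper_extension(name: str) -> bool:
    """True when the name ends in an unknown five-character alphanumeric
    extension that was appended on top of a prior extension."""
    m = WIPER_EXT.search(name)
    if not m or m.group(0).lower() in KNOWN_FIVE_CHAR_EXTS:
        return False
    stem = name[: m.start()]
    # The wiper appends to the existing name, so the original extension
    # should still be present underneath; a lone ".class" is not a hit.
    return "." in stem


def is_zero_filled(path: str, chunk: int = 1 << 16) -> bool:
    """True when a non-empty file contains nothing but 0x00 bytes.
    Reads in chunks so large files do not need to fit in memory."""
    if os.path.getsize(path) == 0:
        return False  # an empty file was not "overwritten with zeroes"
    with open(path, "rb") as fh:
        while True:
            buf = fh.read(chunk)
            if not buf:
                return True
            if any(buf):  # any non-zero byte ends the check early
                return False


@dataclass
class Finding:
    path: str
    suspicious_name: bool
    zero_filled: bool


def scan_tree(root: str) -> List[Finding]:
    """Return a Finding for every file showing at least one indicator."""
    findings: List[Finding] = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            name_hit = has_wiper_extension(fn)
            zero_hit = is_zero_filled(path)
            if name_hit or zero_hit:
                findings.append(Finding(path, name_hit, zero_hit))
    return findings


def build_sample_tree() -> str:
    """Construct a throwaway directory mixing wiped and healthy files."""
    root = tempfile.mkdtemp(prefix="wiper-triage-")
    samples = {
        "invoice.pdf.08kJA": b"\x00" * 4096,          # wiped: zeroed + random ext
        "notes.txt.AVco3": b"\x00" * 10,              # wiped, small file
        "report.docx": b"PK\x03\x04 constructed body", # healthy, 4-char ext
        "data.jsonl": b'{"a": 1}\n',                  # legit five-char ext
        "empty.log": b"",                             # empty is not wiped
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 100,  # zeros inside, not all
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root


def demo() -> Dict[str, Tuple[bool, bool]]:
    """Scan the constructed tree; maps file name -> (name hit, zero-filled)."""
    root = build_sample_tree()
    return {os.path.basename(f.path): (f.suspicious_name, f.zero_filled)
            for f in scan_tree(root)}


if __name__ == "__main__":
    for name, (by_name, by_content) in sorted(demo().items()):
        print(f"{name}: extension={by_name} zero_filled={by_content}")
```

Point `scan_tree` at a user profile or file share to get a first inventory of affected files. The zero-filled check on its own will also match sparse or preallocated files, and the name check will miss anything the wiper left un-renamed, which is why both indicators are reported separately rather than combined into a single verdict.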

  • by mark-t ( 151149 ) <marktNO@SPAMnerdflat.com> on Friday August 02, 2019 @05:51PM (#59031646) Journal
    If the user's data is irrecoverable, then it will discourage people's trust in the person who would allegedly provide a decryption key. It undermines all future ransomware infections, because it will make it less likely that the perpetrators will receive any payment, creating a disincentive to continue.
    • by Anonymous Coward

      I find most ransomware authors to be bright and very competent. They generally provide a reasonable service at a reasonable price so there's often not much to complain about (though whiners always do)

      • by Anonymous Coward

        As long as you consider extortion reasonable.

    • by trek00 ( 887323 )

      Maybe their virus is bugged and they need to distribute an update? Who knows if Windows Update can help them :)

    • This has echoes of the 1990s and 2000s where PC viruses started to become so malicious that people actually started taking action. When people started having their monitors fry due to being set to too high a refresh rate, or the BIOS of their computer zeroed out, people and businesses started doing something about it. PCs had tape drives, and people used ZIP drives to copy files to, to ensure stuff was backed up. That lesson seems to have been lost when MS-DOS viruses became irrelevant, and most malware

  • by Rick Schumann ( 4662797 ) on Friday August 02, 2019 @06:24PM (#59031776) Journal
    Get some real fancy bike locks for your bike, make it hard/impossible to steal? Thieves will just fuck up your bike in retaliation: if they can't have it, they'll ensure you can't either. So, sadly, it seems to go with ransomware; some company has come up with ways to recover the encryption key without paying the so-called 'ransom', so the ransomware assholes just decide to start destroying data in retaliation. Wish I could say I was surprised.
    • Your post doesn't make any sense. The only companies that are able to recover the encryption keys are those who are dealing with malware which has actual faults in its algorithm. The comparison between locking your bike is completely silly.

      And no. Thieves don't generally fuck up your bike if you make it impossible to steal, they only ever fuck up the lock trying to get it open, so even from a people perspective your post doesn't make any sense at all.

      • I had someone try to steal my bike, they could not get the lock open, so they trashed the rims. End result was I still had my bike, it cost me 2 rims and a bunch of spokes, and some time, and they didn't have a bike.
      • Or perhaps your experiences in life don't line up with mine and that of people I've known therefore you can't conceive of what I'm referring to? Or do you really think I just make things up for the hell of it?
        Consider this: perhaps you've been so blessed in your life that you've never encountered the criminal mind before, therefore have no basis to understand how they think sometimes. If so count yourself lucky, it must be nice and calm and pleasant in your head most of the time. ;-)
      • by Mal-2 ( 675116 )

        Thieves don't fuck up your bike because they can't break the lock -- but bullies and assholes certainly do. That's when the bike chain serves better as a weapon than a security device.

    • by Kjella ( 173770 )

      So, sadly, it seems to go with ransomware; some company has come up with ways to recover the encryption key without paying the so-called 'ransom'

      I doubt this is written by any actual ransomware writers, since it's not that hard to do right. Symmetric encrypt the files, create a PGP message to yourself with the key and wipe the key from memory. Whatever decryption service you run checks the Bitcoin payment, decrypts the PGP message and hands the symmetric key back to you. The basic proof of concept is so easy I could whip it up in a couple hours, a full service maybe a day or two. This is probably some copycats who got real lazy, yeah we could try t

      • Could be; you're not wrong. But I stand by what I said above as a possibility in some cases. Thwarted criminals can be as vindictive as anyone else, and if they're being thwarted by some White Hats, 'upping the ante' by 'killing the hostages, one by one' (i.e. overwriting files) 'until your demands are met' (pay us the Bitcoin, bitches!) really doesn't seem that far-fetched to me. Also consider that these ransomware jackasses are not 'honorable' in the least; just because you decide to pay them (which you s
    • Comment removed based on user account deletion
      • If we're going to get into conspiracy theories, follow the money. Maybe it's a consortium of backup services vendors ...

        Occam's razor says it's what it looks like - someone who is trying to get people to pay a ransom, and they will take the money and run.

      • Hmm, that hadn't occurred to me; good thinking on your part. Not at all unheard-of for intelligence ops to masquerade as mere criminal activity, since cosmetically-speaking there isn't much difference between the two.
        Now you've got me thinking: how about industrial espionage/industrial warfare? Sabotage your competitors in a false-flag op, making it look like just common cybercriminals? Can't offhand think of an example I've seen in the news that would fit that profile but it would fit.
  • can some rent a rack then backpack an magnet to wipe out all the other racks?

  • If people learn that they may not get their data back after paying the ransom, perhaps they will stop paying the ransom and that would put all the ransomware purveyors out of business.

  • What did they ever do to anyone!

  • Windows users have all the fun.
