
GermanWiper – malware that erases your data but still asks for ransom

German users and businesses should be on the lookout for a type of ransomware dubbed “GermanWiper”, which is being spammed out to thousands of potential targets in the country.

The malware is being given the label ransomware because, after infection, it asks for a ransom to be paid in order for the victim to regain access to their files. However, unlike traditional ransomware – which encrypts files and demands a ransom for the decrypt key – GermanWiper simply wipes the files completely, so there is no chance of recovery.

Of course, this means paying the ransom is going to be a waste of both time and money. But the malware authors are hoping the victim doesn’t realise that.






GermanWiper is delivered to victims by the traditional method: malicious email attachments sent in either mass spam campaigns or targeted email attacks. Currently it is most frequently being delivered via an email claiming to come from a job applicant offering her CV to the recipient. But the attached files lead to a malicious download, which infects a device with the malware.

The ransomware gets down to business wiping files on the hard drive, but preserves the filenames and changes their file extensions to give the appearance of traditional ransomware, which encrypts the files. However, the malware is simply overwriting the files with zeroes. There is actually no encryption going on.
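A triage check a responder could run over affected files to tell zero-overwritten files from genuinely encrypted ones, given here as an added example that is not part of the original article. The entropy threshold, the file names and extensions, and the sample contents are all constructed assumptions.

```python
import math
import os
import tempfile
from collections import Counter

CHUNK = 1 << 20  # read files in 1 MiB chunks

def classify(path, entropy_threshold=7.5):
    """Return 'empty', 'zero-filled', 'high-entropy' or 'other' for one file.

    entropy_threshold is an assumed cut-off (bits per byte); encrypted or
    compressed data sits close to 8.0, ordinary documents well below that.
    """
    counts, total = Counter(), 0
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            counts.update(chunk)  # iterating bytes yields ints 0..255
            total += len(chunk)
    if total == 0:
        return "empty"
    if counts.get(0, 0) == total:
        return "zero-filled"  # every byte is 0x00: wiped, nothing to decrypt
    entropy = -sum(n / total * math.log2(n / total) for n in counts.values())
    return "high-entropy" if entropy >= entropy_threshold else "other"

def triage(root):
    """Walk a directory tree and map each file path to its classification."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            result[full] = classify(full)
    return result

def demo():
    """Build constructed sample files in a temp directory and classify them."""
    samples = {
        "report.docx.aB3xQ": b"\x00" * 4096,        # constructed: zero-overwritten
        "photo.jpg.locked": os.urandom(65536),      # constructed: stands in for ciphertext
        "notes.txt": b"quarterly figures\n" * 200,  # constructed: untouched text
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return {os.path.basename(p): v for p, v in triage(d).items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:12} {name}")
```

Run `triage()` against a forensic copy or read-only mount of the affected volume rather than the live disk. Files reported as zero-filled hold no recoverable content and can only be restored from back-ups.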

It’s likely that many ransomware authors (that is, authors of ransomware that actually encrypts data) will be irked by GermanWiper. The authors of GermanWiper opted for the easy but arguably more short-sighted approach of simply wiping data. Their malware overwrites files, and that’s a lot easier to do than encrypting data and going through the rigmarole of providing a decrypt key to those that pay a ransom.






Sure, they may hook a few victims and make a few bucks, but when word gets around that paying the ransom isn’t going to lead to a victim getting their files back, the money will soon dry up. This could have a knock-on effect on how likely future ransomware victims are to pay up, regardless of the variant of ransomware that they’re infected with.

That is to say, if the ransomware industry becomes overrun with GermanWiper knock-offs that don’t provide decrypt keys because they ultimately just wipe the data, then more and more victims are going to think twice before paying a ransom. That’s a consequence not likely to be welcomed by ransomware authors in it for the long haul, who see having a reliable reputation as a long-term way of sustaining their illegal business model.

Either way, whether you’re infected with actual ransomware or “wiper” malware, having full back-ups of all your data is an absolute must, as is educating yourself (and your employees) on how to spot your typical email malware attack. That is to say, don’t open email attachments unless you’re explicitly expecting them from a specific person.

Published by
Craig Haley