
Steve Kaaru

GermanWiper erases victim’s data but still demands ransom in BTC

A new malware has been targeting German companies, erasing their data and still demanding ransom from its victims. Aptly named GermanWiper, the malware compromises a computer, deletes the files and demands the victim pay 0.15038835 SegWitCoin (BTC) as ransom.

The first sample of the malware was seen by security researchers on July 29, a report by Bleeping Computer revealed. The researchers from MalwareHunterTeam continued to receive submissions on their malware identification platform throughout the week. The highest number of submissions was reported on August 2, an indication that the malware had hit plenty of victims in just five days. After that, the number of submissions gradually decreased.

The GermanWiper malware was distributed through a spam campaign disguised as a job application. The applicant, named Lena Kretschmer, sent an email to the victim with an attachment that purported to be the applicant’s resume.

The attachment contains two files that are in PDF format. However, once a victim clicks on the files, they execute a PowerShell command to download an HTA file and launch it on the local machine. The malware is then downloaded and the wiper launched.

GermanWiper swiftly terminates processes associated with databases so that their files can be accessed and wiped. It then scans for files to destroy, exempting files that are essential for Windows to boot properly and for browsing the web. It destroys the data by overwriting it with zeroes.

At the end of the wiping procedure, the malware automatically opens a ransom note with instructions to pay 0.15038835 BTC to an address that’s provided. At press time, this was worth $1,784. According to the report, the malware contains 36 BTC addresses, assigning one at random to the victims. While most of the addresses are still empty, there are some that have received the requested amount. Those who paid lost their money as the files are already wiped and it’s impossible to recover them.
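The distinction drawn above between wiped and merely encrypted files can be checked during incident triage. The following script is an added example, not code from the article or the underlying report: it groups files as zero-filled, high-entropy or intact-looking. The 7.5 bits/byte cutoff, the function names and the sample files are assumptions constructed for the illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_CUTOFF = 7.5  # bits per byte; assumed threshold, tune for your data

def classify_file(path):
    """Return 'empty', 'zero-filled', 'high-entropy' or 'intact-looking'."""
    counts, total = Counter(), 0
    with open(path, "rb") as fh:
        while chunk := fh.read(1 << 20):  # 1 MiB at a time
            counts.update(chunk)
            total += len(chunk)
    if total == 0:
        return "empty"
    if counts[0] == total:  # every byte is 0x00: overwritten, not encrypted
        return "zero-filled"
    entropy = -sum(c / total * math.log2(c / total) for c in counts.values())
    # Compressed formats are also high-entropy, so treat this as a hint only.
    return "high-entropy" if entropy > ENTROPY_CUTOFF else "intact-looking"

def triage(root):
    """Walk root and group file paths by classification."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            try:
                report.setdefault(classify_file(path), []).append(path)
            except OSError:  # locked or permission-denied files
                report.setdefault("unreadable", []).append(path)
    return report

def build_sample(root):
    """Constructed sample data: one wiped, one random, one plain-text file."""
    samples = {
        "wiped.docx": bytes(4096),
        "encrypted.bin": os.urandom(65536),
        "notes.txt": b"quarterly figures, draft 3\n" * 200,
    }
    for name, data in samples.items():
        Path(root, name).write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for verdict, paths in sorted(triage(tmp).items()):
            print(verdict, sorted(p.name for p in paths))
```

A large share of zero-filled files alongside a ransom note points to a wiper, in which case restoring from backups is the only recovery path.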

While ransomware has been around for decades, malicious actors have taken to crypto ransoms as they are harder to track. The ransomware attacks haven’t been limited to individuals, with several towns in the U.S. being targeted this year. In June, Riviera Beach in Florida paid 65 BTC, equivalent to $633,000 at the time, to end a ransomware attack against the town.
