Ransomware attack reports are in that a new variant of ransomware is targeting companies operating in Germany. Dubbed as GermanWiper the ransomware tends to have the ability to replace the infected files with zeroes and ones, thus destroying the ability to recover the files with decryption keys after a ransom payment or by any other means.
So, security researchers are advising those infected to not pay any ransom to hackers as the guaranty to decrypt the files or recover the data is almost zero and it will encourage crime propagation.
Therefore, users who have created backup copies for their data are said to be safe from this ransomware infection and those who do not are reported to be extremely vulnerable to GermanWiper ransomware attack.
As of now, the news is out that the infection spread is limited to companies operating in Germany and that populace who speak the German language.
Germany’s Computer Emergency Response Team (CERT) has concluded that GermanWiper Ransomware is currently being spread through email phishing campaigns and HR staff of all top companies is being targeted in the name of Job Applications and financial dealings.
Interestingly, this is not the first time when the companies operating in Germany are being targeted with ransomware. A ransomware strain named Ordinypt was also found to be hitting corporate companies based in Germany in Nov’17 and the strain was being circulated to malspam.
Note- Technically, ransomware is a file-encrypting malware which decrypts files only after the ransomware author gets rewarded by cryptocurrency through proper channel. But in the case of GermanWiper, the infection slack is different as the malware after encryption is starting to replace the file content with Zeroes; making it impossible to recover afterward.