Researchers from G data Security have found evidence that a new variant of ransomware called Ordinypt was found targeting German companies via email phishing. They also came to a conclusion that the said malware was actually a wiper disguised as ransomware.
Karsten Hahn, a senior researcher at G Data claims that the ransomware was targeting only German users via emails written only in German and delivering ransom notes in an error-free German language. Karsten suspects that the said malware could have been developed by hackers hailing from German region or someone from central Europe or so.
Ordinypt is found mimicking the functions of Petya Ransomware as it is being circulated in the form of resumes being sent in reply to job advertisements. The job email contains two files- the first a JPG image of the woman sending a resume and the second one a ZIP file containing the resume and a curriculum vitae.
The attachments are named as Viktoria Henschel Bewerbungsfoto.jpg and Viktoria Henschel-Bewerbungsunterlagen.zip.
Security researchers from G Data say that the said ransomware is actually a wiper which replaces files with data. Means, it destroys the database by replacing original data with some random data, instead of encrypting on the whole.
But experts from Sophos say that the developers first give some time to the victim to make a payment as ransom in exchange for the decryption key. Failing which Ordinypt will replace the contents of the files with randomly generated characters consisting of uppercase and lowercase letters and numbers.
The intentions of the cyber crooks in spreading such malware are very clear. They just want to target HR departments with job applications infected with malware and want to start a network damaging campaign among some big branded SMBs operating in Germany.
Remember, Germany is known to house most of the international brands including Mercedes Benz, BMW, SAP, Volkswagen, Audi, Siemens, Allianz, Adidas, Porsche, Deutsche Bank and Bosch.