A new malware called Ordinypt that targets German users is making the rounds — billing itself as ransomware. What’s worse is that the code is really a wiper, with apparent twin motives of financial gain as well as disrupting business operations.
G Data security researcher Karsten Hahn found that the malware, which also goes by the name HSDFSDCrypt, is targeting German users for the moment, using emails and ransom notes that are written in flawless Deutsch. It’s being spread via responses to job ads with emails having a ZIP file with a resume and CV attached.
Once opened the malware infects a victim’s machine, making files inaccessible, and then requests 0.12 Bitcoin (around 600 EUR) for recovering them. Unfortunately the files are actually destroyed, not encrypted, and the attackers have no code for “unlocking” them, even if victims pay up.
SOURCE: INFOSECURITY GROUP