Insidious new Bitcoin ransomware called “GermanWiper” won’t return your data – even after you pay. That’s because it destroys your files.
An insidious new strain of Bitcoin ransomware adds insult to injury for its unfortunate victims: it refuses to restore access to their data, even after they fork over the ransom payment.
The malware, GermanWiper, tells victims it has encrypted their data, when in reality it has erased it completely. It then demands 0.15038835 BTC (approximately $1,750) under the pretext of offering victims a chance to get their data back.
The operating strategy of the GermanWiper Bitcoin ransomware
Bleeping Computer reports that GermanWiper has, to date, primarily affected Microsoft Windows users in Germany.
GermanWiper uses a devious phishing campaign to target and infect business computers. The hackers package the malware in emails that appear to be from job applicants.
On the Bleeping Computer forums, some of those who have encountered the Bitcoin ransomware indicated that the phishing emails look like serious and highly professional job applications – complete with perfect grammar and spelling:
“My ‘customer’ was expecting job applications, as they had an advert posted with the ‘Bundesagentur für Arbeit’ (aka Jobcenter) and from what I have gathered from the Internet other victims also had jobs to offer. Pictures and other info were stolen from Xing, it would seem. The grammar and spelling were good, and everything seemed in order. So no chance for the regular user to avoid this trap.”
The devil is in the zipped folder
One particular case involves a job applicant named Lena Kretschmer, whose emails bear the subject line: “Ihr Stellenangebot – Bewerbung [Your job offer – Application] – Lena Kretschmer.”
The email also contains an attachment with the .zip extension.
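A mail-gateway triage check for the lure described above, as an added example that is not from the original article: it holds messages whose subject carries the reported "Ihr Stellenangebot – Bewerbung" wording together with a ZIP attachment. The function names, sample addresses and attachment filename are constructed for illustration, and inspecting the attachment's content as well as its extension goes beyond what the article describes.

```python
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from io import BytesIO

# Subject wording reported in the article; the applicant name is not matched
# because a sender name is trivial to vary.
LURE_SUBJECT = re.compile(r"Ihr Stellenangebot\s*[–—-]\s*Bewerbung", re.IGNORECASE)


def zip_attachments(msg):
    """Filenames of attachments named .zip or that are ZIP archives by content."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(".zip") or zipfile.is_zipfile(BytesIO(data)):
            hits.append(name)
    return hits


def triage(raw):
    """Parse a raw message and decide whether to hold it for manual review."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")  # policy.default decodes RFC 2047 headers
    lure = bool(LURE_SUBJECT.search(subject))
    zips = zip_attachments(msg)
    return {"subject_lure": lure, "zip_attachments": zips, "hold": lure and bool(zips)}


def build_sample(subject, attachment_name=None):
    """Constructed test message; the attachment is an empty, harmless ZIP archive."""
    msg = EmailMessage()
    msg["From"] = "applicant@example.com"   # constructed address
    msg["To"] = "hr@example.com"            # constructed address
    msg["Subject"] = subject
    msg.set_content("Sehr geehrte Damen und Herren, ...")
    if attachment_name:
        buf = BytesIO()
        with zipfile.ZipFile(buf, "w"):
            pass  # write only the end-of-archive record
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    lure = "Ihr Stellenangebot – Bewerbung – Lena Kretschmer"
    print(triage(build_sample(lure, "Unterlagen.zip")))  # constructed filename
```

Because the subject line is easy for a sender to change, the ZIP finding on its own is still worth logging for inboxes that receive job applications.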