September 16, 2019
Wiper Malware Targeting German Companies
A new strain of ransomware is targeting German companies with a sophisticated phishing campaign.
According to reports, the culprits are sending a fake job application that appears to contain a resume and photo but instead contains the ransom payload that installs Ordinypt.
Like some other recent cases, Ordinypt is a wiper: it goes a step beyond the usual ransomware scheme and deletes infected files instead of only encrypting them and demanding payment for a decryption key. After wiping the files, Ordinypt also deletes shadow volume copies and disables the Windows 10 recovery environment.
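Deleting shadow copies and disabling the recovery environment both show up in process-creation logs, and seeing the two together on one host is a much stronger signal than either alone. The following detection sketch is an added example, not part of the original article: it assumes the standard Windows utilities are used (the article does not say which commands Ordinypt runs), and the log format, host names and function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumption: the standard Windows utilities are used for both behaviours;
# the article does not say which commands Ordinypt itself runs.
RULES = {
    "shadow_copy_deletion": [
        re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
        re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    ],
    "recovery_disabled": [
        re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
        re.compile(r"\breagentc(\.exe)?\b.*/disable\b", re.I),
    ],
}
LINE = re.compile(r'^(\S+) host=(\S+) parent=(\S+) cmd="(.*)"$')

def classify(cmdline):
    """Return the names of the rules a command line matches."""
    return [name for name, pats in RULES.items()
            if any(p.search(cmdline) for p in pats)]

def hosts_inhibiting_recovery(lines, window=timedelta(minutes=5)):
    """Hosts where both behaviours occur within `window` of each other."""
    seen = {}  # host -> {rule name: [timestamps]}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the constructed format
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        for rule in classify(m.group(4)):
            seen.setdefault(m.group(2), {}).setdefault(rule, []).append(ts)
    flagged = []
    for host, hits in seen.items():
        pairs = [(a, b) for a in hits.get("shadow_copy_deletion", [])
                 for b in hits.get("recovery_disabled", [])]
        if any(abs(a - b) <= window for a, b in pairs):
            flagged.append(host)
    return sorted(flagged)

# Constructed process-creation log lines (hosts, parents and times are made up).
SAMPLE_LOG = [
    '2019-09-12T09:14:02Z host=WS-014 parent=attachment.exe cmd="vssadmin.exe delete shadows /all /quiet"',
    '2019-09-12T09:14:05Z host=WS-014 parent=attachment.exe cmd="bcdedit /set {default} recoveryenabled No"',
    '2019-09-12T10:00:00Z host=SRV-02 parent=cmd.exe cmd="vssadmin list shadows"',
    '2019-09-12T11:30:00Z host=SRV-03 parent=powershell.exe cmd="vssadmin delete shadows /for=D: /oldest"',
]

if __name__ == "__main__":
    print(hosts_inhibiting_recovery(SAMPLE_LOG))
```

Only WS-014 is flagged: SRV-03 deletes a single old shadow copy, which matches one rule but is not paired with a recovery change, so routine maintenance does not raise the alert.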
The attack has had a small footprint so far, hitting only 10 known victims and demanding a ransom of about $2,100 in each instance.
Paying the ransom is never the preferred option, but it is especially useless in this case because the files are deleted as soon as the ransomware infects its victim.
This is a reminder that the best way to fight ransomware is to protect your files and systems and to keep the ransomware out in the first place. That takes a multilayered approach:
- Use a good quality antivirus program, and patch and update operating systems regularly
- Educate your users about ransomware and how to detect phishing and social engineering schemes
- Back up files often — and automatically. While the backup does not prevent infiltration, it does give you an out — instead of paying the ransom, you can restore to a pre-attack status
To learn more about the current landscape of ransomware and how you can avoid falling victim, check out Datto's State of the Channel Ransomware Report.