German Companies Targeted by New Malware

Companies all over Germany are right now targeted by new email phishing campaign using Ordinypt malware. Ordinypt pretends to be a ransomware attack - it adds random extension to files and includes a ransom note for 0.1473766 BTC (approx. $1,518.92). In reality this malware is a wiper and irreversibly destroys all the files, as well as deletes shadow volume copies and disables the Windows 10 recovery environment. The wiper is send with a fake job application email from Eva Richter, entitled "Bewerbung via Arbeitsagentur - Eva Richter". It is well written and contains two attachments - a stock photo of a woman and a executive file pretending to be a pdf - "Eva Richter Bewerbung und Lebenslauf.pdf.exe", which when opened starts Ordinypt.

Author image

About Ariadna Pawluk

Cybersecurity enthusiast, hunting all the freshest news, insights and tidbits.