Ordinypt 'Ransomware' Destroys Data Instead of Encrypting It

November 15th 2017
A new malware called Ordinypt that targets German users is making the rounds—billing itself as ransomware. However, the code is really a wiper, with apparent twin motives of financial gain as well as disrupting business operations.

G Data security researcher Karsten Hahn found that the malware, which also goes by the name HSDFSDCrypt, is targeting German users for the moment, using emails and ransom notes that are written in flawless Deutsch. It’s being spread via responses to job ads—the emails purport to have a ZIP file with a resume and CV attached.

According to an analysis from Valthek, once opened, the malware infects a victim’s machine, making files inaccessible, and then requests 0.12 Bitcoin (around 600 EUR) for recovering them. Unbeknownst to the target, the files are actually destroyed, not encrypted, and the attackers have no code for “unlocking” them, even if victims pay up.

Interestingly, Valthek found that the malware does not encrypt files at all: it overwrites them with garbage strings of random letters and numbers. However, the original file contents remain untouched in the raw hard disk—leaving open the possibility (“with luck”, he said) of recovering them using a program such as Recuva. It also doesn’t destroy the Shadow Volume copies or Restore Point files on the system, he said, so a tool like Shadow Explorer could be useful in getting data back.

In both cases though, Valthek said it’s unlikely that victims will be able to recover their files in totality.
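The distinction the article draws, real encryption versus an overwrite with random letters and numbers, is something an incident responder can check on the "encrypted" files themselves before deciding whether a recovery tool is even worth trying. The following is an added example (not from the article, G Data or Valthek) of a simple triage heuristic: genuine ciphertext has close to 8 bits of entropy per byte and uses the full byte range, while alphanumeric filler is confined to 62 symbols and cannot exceed about 5.95 bits per byte. The thresholds, function names and sample data are all assumptions constructed for this example.

```python
"""Triage heuristic: does a damaged file look like real ciphertext or like
alphanumeric filler? Added example, not code from the original article."""
import math
import random
import string
from collections import Counter

# The 62 characters a "random letters and numbers" overwrite can produce.
ALNUM = set((string.ascii_letters + string.digits).encode())


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, in the range 0.0 .. 8.0."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def alnum_ratio(data: bytes) -> float:
    """Fraction of bytes that are ASCII letters or digits."""
    if not data:
        return 0.0
    return sum(1 for b in data if b in ALNUM) / len(data)


def classify(data: bytes) -> str:
    """Return 'alnum-filler', 'likely-encrypted' or 'other'.

    Thresholds are heuristics chosen for this example:
    - a file that is (almost) entirely letters and digits cannot be raw
      ciphertext; uniform random alphanumerics top out at log2(62) ~ 5.95 bits
    - raw ciphertext from a real cipher approaches 8 bits per byte
    Caveat: base64-armoured ciphertext carries '+', '/' and '=' (ratio ~0.97)
    and about 6 bits per byte, so it lands in 'other' and needs a closer look.
    """
    if alnum_ratio(data) > 0.98:
        return "alnum-filler"
    if shannon_entropy(data) > 7.5:
        return "likely-encrypted"
    return "other"


def triage_file(path: str, sample_size: int = 65536) -> str:
    """Classify a file on disk by inspecting its first sample_size bytes."""
    with open(path, "rb") as fh:
        return classify(fh.read(sample_size))


def make_samples(n: int = 4096, seed: int = 1) -> dict:
    """Constructed sample data (not real malware output) for demonstration."""
    rng = random.Random(seed)
    alphabet = string.ascii_letters + string.digits
    return {
        # stands in for genuine ciphertext: uniformly random bytes
        "random_bytes": bytes(rng.getrandbits(8) for _ in range(n)),
        # stands in for the overwrite described in the article
        "alnum_filler": "".join(rng.choice(alphabet) for _ in range(n)).encode(),
        # an untouched plain-text document
        "plain_text": (b"Quarterly report: revenue rose 4% on stable costs. " * 80),
    }


if __name__ == "__main__":
    for name, blob in make_samples().items():
        print(f"{name:13s} entropy={shannon_entropy(blob):.2f} "
              f"alnum={alnum_ratio(blob):.2f} -> {classify(blob)}")
```

Run over a handful of affected files, a result of `alnum-filler` tells the responder that no decryptor could ever exist and that effort is better spent on undelete tools and Shadow Volume copies, exactly the recovery path the analysis above describes.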

What’s also notable about the code is that while it’s effective, it’s poorly written. Valthek’s overall assessment of it is straightforward: “A stupid malware that destroy information of enterprises and innocent people and try steal money saying that is a ransomware. Bad coding style, a easy packer, only need one hour of my time to reverse it and writing this report.”