August 7, 2019 By David Bisson < 1 min read

Researchers spotted a new malware family called GermanWiper that masquerades as ransomware but destroys affected data even when victims pay the ransom.

Bleeping Computer first learned of GermanWiper on July 30 when victims began posting about it on the site’s forums. According to the researchers, the malware began by leaving a ransom note prompting the victim to pay 0.15038835 bitcoins for a decryption key. But the sample they analyzed didn’t encrypt the victim’s data. Instead, it overwrote each file’s data with ones and zeroes, effectively destroying its contents.

According to Bleeping Computer, digital attackers distributed GermanWiper primarily in Germany through a spam campaign. The attack email masqueraded as a job application from a person named Lena Kretschmer. It contained an attachment named Unterlagen_Lena_Kretschmer.zip, which carried malicious PDF documents that downloaded the malware’s executable via a PowerShell command.

More Wiper Malware Disguised as Ransomware

Data wipers have been assuming ransomware as a disguise for years. In June 2017, IBM X-Force Incident Response and Intelligence Services (IRIS) analyzed the international outbreak of NotPetya malware and concluded that attackers were not financially motivated; they aimed simply to destroy data.

Just a few months later, SpamTitan reported on Ordinypt, another wiper family that targeted Germany posing as ransomware. Just a few months after that, Cisco Talos observed how some variants of LockerGoga were effectively preventing users from logging back onto their infected systems following the encryption process, thus rendering their infections destructive.

Defend Your Data Against GermanWiper

Security professionals can help defend against GermanWiper by using an endpoint management solution to provide visibility into the company’s assets and help streamline the process of patching known vulnerabilities. Security teams should also employ a layered defense strategy that draws on antimalware solutions, security awareness training and data backups to defend against destructive malware attacks.

More from

How to calculate your AI-powered cybersecurity’s ROI

4 min read - Imagine this scenario: A sophisticated, malicious phishing campaign targets a large financial institution. The attackers use emails generated by artificial intelligence (AI) that closely mimic the company's internal communications. The emails contain malicious links designed to steal employee credentials, which the attackers could use to gain access to company assets and data for unknown purposes.The organization's AI-powered cybersecurity solution, which continuously monitors network traffic and user behavior, detects several anomalies associated with the attack, blocks access to the suspicious domains…

Being a good CLR host – Modernizing offensive .NET tradecraft

14 min read - The modern red team is defined by its ability to compromise endpoints and take actions to complete objectives. To achieve the former, many teams implement their own custom command-and-control (C2) or use an open-source option. For the latter, there is a constant stream of post-exploitation tooling being released that takes advantage of various features in Windows, Active Directory and third-party applications. The execution mechanism for this tooling has, for the last several years, relied heavily on executing .NET assemblies in…

The current state of ransomware: Weaponizing disclosure rules and more

4 min read - As we near the end of 2024, ransomware remains a dominant and evolving threat against any organization. Cyber criminals are more sophisticated and creative than ever. They integrate new technologies, leverage geopolitical tensions and even use legal regulations to their advantage.What once seemed like a disruptive but relatively straightforward crime has evolved into a multi-layered, global challenge that continues to threaten businesses and governments alike.Let’s take a look at the state of ransomware today. We’ll focus on how cyber criminals…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today