Ordinypt Ransomware Wipes German HR Agencies Clean

Ordinypt Ransomware is not ordinary ransomware: it does not actually encrypt your files in order to demand a fee for decryption. This threat was first noticed in November 2017 and is known to target only German users. However, our research shows that it does not attack private users but mostly Human Resource agencies and companies. This is why some malware hunters believe that it could be a sort of revenge from someone who could not get a job in Germany. The code of the program indicates that the attacker (or attackers) is not out for ransom but for destruction and chaos in the German HR system. The only possible way to recover your files after this attack is to have a recent backup copy on a removable hard disk. Hopefully, HR agencies and departments do have such backups and can restore their data quickly after removing Ordinypt Ransomware.

Cyber crooks often make the mistake of using broken, grammatically incorrect language in their ransom notes or in the spam campaigns they use to spread their malware. In this case, however, malware experts were surprised to find that the spam e-mail used to distribute the payload is written in flawless German. It obviously has to be if these crooks want to be taken seriously by the German HR system. The infection is spread through attached files that claim to be the job application of either Giselle Wolf or Viktoria Henshel.

In fact, a ransomware campaign back in May 2017 used Giselle Wolf as a cover for spreading the severe threat called Cerber Ransomware. This time, however, only Ordinypt Ransomware was found distributed under these fake names. Since the spam e-mail itself does not raise doubt in its reader, a computer packed with HR data is only one click away from infection. Once you try to open the attached file or files, which can be disguised as an image and a ZIP archive, you initiate the attack. This is true for most ransomware programs, and it is why you cannot save your files from destruction even if you manage to delete Ordinypt Ransomware in the end. You need to be ever more careful with your e-mail because, as you can see, such a nightmare is only a click away if a spam mail can trick you into believing that it is authentic and important.

This ransomware is in fact a so-called wiper. As the name suggests, it does not encrypt your files even though it would have you believe so. Instead, this malware deletes your original files after renaming them with random names that combine uppercase and lowercase letters and numbers. A ransom note named "Wo_sind_meine_Dateien.html" ("Where are my files") is also dropped in all affected folders.
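A triage check built on the two indicators described above, added here as an example and not taken from the original article or from any vendor tool: it walks a directory tree, reports every folder that contains the ransom note, and lists the random-looking file names found beside it. The minimum name length, the rule that a name must mix upper case, lower case and digits, the assumption that renamed files may still be on disk, and the sample folder tree are all assumptions made for this example.

```python
import os
import re
import tempfile

NOTE_NAME = "Wo_sind_meine_Dateien.html"  # ransom note name from the article
ALNUM = re.compile(r"[A-Za-z0-9]+")

def looks_random(filename, min_len=8):
    """Heuristic for a renamed file. Assumption (not from the article): the
    stem is at least min_len long and mixes upper case, lower case and digits."""
    stem = os.path.splitext(filename)[0]
    if len(stem) < min_len or not ALNUM.fullmatch(stem):
        return False
    return (any(c.isupper() for c in stem)
            and any(c.islower() for c in stem)
            and any(c.isdigit() for c in stem))

def scan(root):
    """Map each folder that holds the ransom note to its random-named files."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        # Compare case-insensitively, as Windows file systems do.
        if NOTE_NAME.lower() not in {f.lower() for f in files}:
            continue
        findings[folder] = sorted(
            f for f in files
            if f.lower() != NOTE_NAME.lower() and looks_random(f))
    return findings

def build_sample_tree(root):
    """Constructed sample data: one affected folder and one clean folder."""
    layout = {
        "hr": [NOTE_NAME, "aB3kZ9qLm2X", "Qw7eRt5yUi0", "Bewerbung.pdf"],
        # Passes looks_random() but sits in a folder without the note.
        "clean": ["Report2017Final.docx"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, suspects in scan(tmp).items():
            print(folder, "->", suspects)
```

Requiring the note in the same folder keeps ordinary files with mixed-case names and digits, such as the constructed Report2017Final.docx, out of the results.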

Of course, you may not be able to tell that your files have been wiped from your system rather than encrypted. The ransom note pretends that you can recover your files if you pay 0.12 Bitcoins (about 1,700 dollars right now) to these criminals. For a corporation, this cannot be called a huge amount. Nevertheless, because the files have not been encrypted and there is no decryption key, these criminals have no way to recover them, so paying this fee would be totally useless. In fact, our research shows that this ransomware does not delete the shadow volume copies of the deleted files and leaves the restoration points untouched, too. In other words, you may be able to recover those files in the end if you are an advanced user or find a professional who can help you. But first, you should remove Ordinypt Ransomware from your computer.

Even if you may be able to recover your files, Ordinypt Ransomware still counts as a severe threat because it destroys all your important files. If your computer is not protected with up-to-date anti-malware software like SpyHunter, you need to think twice before you open an e-mail with attachments, make sure that your browsers are always updated, and avoid landing on questionable websites. This is how you may be able to protect your system against similar threats. Of course, we advise you to install a decent security tool if you want peace of mind in your virtual world.