Why are cybercriminals disguising wipers as ransomware?
Quote:

There’s a new spam campaign in town. Disguised as a job application from a person named “Eva Richter”, the campaign aims to infect German-speaking users with a strain of malware known as Ordinypt.

Ordinypt resembles your run-of-the-mill ransomware but contains no mechanism that allows users to retrieve their files. Instead, it simply overwrites the data, rendering it permanently irrecoverable. The destructive nature of Ordinypt means there’s no incentive for victims to pay the ransomware, which begs the question: what’s the point?

How does the Ordinypt spam campaign work?

The Ordinypt spam campaign targets German-speaking people with emails that appear to be a job application. The emails are sent from “Eva Richter” and have the subject line “Bewerbung via Arbeitsagentur – Eva Richter” (“Application via employment office – Eva Richter”).

The body of the email contains the following text (translated from German):

Quote:
Dear Sirs and Madams,

I hereby apply for the position offered by you at the Employment Agency.

The field of activity you describe corresponds especially to my career prospects. My application documents are attached.

I would be very happy about an invitation to a personal job interview.

Yours sincerely,

Eva Richter

The emails contain an attached zip file that purports to be Eva’s resume. Inside the zip file is a file called “Eva Richter Bewerbung und Lebenslauf.pdf.exe”. Opening this file executes the Ordinypt malware, which seemingly begins to encrypt the victim’s files and adds an extension to the encrypted files.

When the process is complete, a ransom note is created. The note instructs victims to make a payment at a Tor site in order to receive a decryptor, which will allow them to recover their files. In the examples seen by BleepingComputer, the ransom amount was 0.145 BTC, or roughly $1,500.
...
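A triage check for the lure described in the quoted article, an executable hidden behind a document extension inside a zip attachment. This is an added example, not part of the original post or article; the extension lists and the function names `deceptive_members` and `build_sample_zip` are assumptions chosen for illustration.

```python
import io
import zipfile

# Assumed lists for this example; tune them to your own mail policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def deceptive_members(zip_bytes):
    """Return member names shaped like '<name>.<decoy ext>.<executable ext>'."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Keep only the file name; archives may use either path separator.
            name = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            # Trailing dots/spaces are dropped by Windows, so ignore them.
            parts = name.rstrip(" .").lower().split(".")
            if len(parts) < 3:
                continue  # fewer than two extensions
            real_ext = parts[-1].strip()
            shown_ext = parts[-2].strip()  # strip() defeats 'cv.pdf    .exe' padding
            if real_ext in EXECUTABLE_EXTS and shown_ext in DECOY_EXTS:
                hits.append(info.filename)
    return hits


def build_sample_zip(names):
    """Build an in-memory zip with harmless placeholder members (constructed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for member in names:
            archive.writestr(member, b"constructed placeholder, not malware")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip([
        "Eva Richter Bewerbung und Lebenslauf.pdf.exe",  # name quoted in the article
        "Lebenslauf.pdf",                                 # constructed benign member
    ])
    print(deceptive_members(sample))
```

Because Windows hides known file extensions by default, the flagged member would be displayed as a `.pdf` file, which is why the check looks at the last two extensions rather than only the final one.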


Messages In This Thread
Why are cybercriminals disguising wipers as ransomware? - by harlan4096 - 27 September 19, 07:41
