Germany Gets Hit With Destructive Filewiper Phishing Attack



A new criminal campaign is underway that pretends to be a job application from "Eva Richter" who is sending "her photo and resume". This resume, though, is actually an executable masquerading as a PDF file that destroys a victim's files by installing the Ordinypt Wiper.

Ordinypt is a destructive malware commonly targeted at German people that pretends to be ransomware that encrypts your files and then demands victim's pay a ransom to get their files back. Unfortunately, even if a user pays the ransom, the files have been overwritten with garbage and cannot be decrypted.

Fake 'Eva Richter' job application

This campaign is currently targeting German speaking victims and pretending to be a job application from a person named "Eva Richter". These emails will have a subject line of "Bewerbung via Arbeitsagentur - Eva Richter".

The spam emails contain a stock photo image of a woman, who is supposed to be our job applicant, and a zip file named "Eva Richter Bewerbung und" that pretends to be her resume.

From the samples and ransom notes seen by BleepingComputer, this campaign appears to have started around September 11th, 2019.

Destroying the data

Once Ordinypt ​​​​​​ is started, it will begin to destroy the files on a victim's computer. This process is almost identical to how a ransomware works, such as skipping files, terminating processes, not wiping certain certain extensions, and even appending an extension to the 'encrypted' files as shown below.

Training Your Users

Your end-users are the weak link in your IT Security. They need to be sent simulated phishing attacks that look as close as possible like the real thing. That way they will recognize real attacks when they make it through all the filters into their inbox. Bleepingcomputer has the technical details.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews