Ordinypt is a new ransomware in Germany . It appears as a ransomware but destroys data. It seems to be targetting only people in Germany because of its email delevering language only in German. The email arrives as a ”job advertisement submission” resume with 2 files attachments : – A JPG image of a woman submitting a resume
-a ZIP file supposedly containing a resume and Curriculum Vitae.
The ZIP archive contains two EXE files, but appears to be PDFs files to fool the user that those are not executable. Clicking on the EXE files will launch the Ordinypt wiper. This malware does not encrypt files but overwrites these latter with random data.
It displays a ransom note in every folder where it destroys files named Wo_sind_meine_Dateien.html, translates as where_are_my_files.
The only ways to bypass are:
- Ensure anti-virus software and associated libraries are up to date
- Ensure attachments do not have hidden / double extensions prior to clicking to open
Guy Ngongang 