For the past week, a new ransomware strain has been wreaking havoc across Germany. Named GermanWiper, this ransomware doesn’t encrypt files but instead it rewrites their content with zeroes, permanently destroying users’ data.
As a result, any users who get infected by this ransomware should be aware that paying the ransom demand will not help them recover their files. Unless users had created offline backups of their data, their files are most likely gone for good.
For now, the only good news is that this ransomware appears to be limited to spreading in German-speaking countries only, and with a focus on Germany primarily. First signs of GermanWiper were reported earlier this week when victims started asking for help on the Bleeping Computer forums, a popular place where internet users congregate to get advice in dealing with ransomware infections. The first report came on Tuesday, July 30, and they kept piling on through the following days. The GermanWiper ransomware is currently being distributed via malicious email spam (malspam)
These emails claim to be job applications from a person named “Lena Kretschmer.” A CV is attached as a ZIP file to these emails, and contains a LNK shortcut file. The LNK file is boobytrapped and will install the GermanWiper ransomware.