A ransomware named GermanWiper deletes data and, of course, demands ransom money. According to CERT-Bund, the computer emergency team of the BSI, and the Landeskriminalamt Niedersachsen (the state criminal investigation office), dangerous job-application e-mails are currently in circulation. What is unusual about this case is that the data is not just encrypted but irretrievably destroyed. Unfortunately, this type of fraud cannot be reliably detected by whitelisting, because the e-mails are sent from many different senders and domains.
How the Ransomware works
Before the attacker's ransom note appears, files on the device are overwritten with zeros and their file extensions are changed. Under no circumstances should the zip file attached to the application e-mail be executed, as this downloads and starts the blackmail trojan. Even paying the ransom, which is something we advise against in most circumstances, does not lead to the recovery of the files. Recovery of your data is therefore no longer possible.
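Because the damage described above is overwriting rather than encryption, the first triage question on an affected machine is whether file contents are actually gone. The following script is an added example (not code from Panda, CERT-Bund or the original article) that scans a directory and separates zero-filled files from files that merely look encrypted (high byte entropy); the document extension list, the renamed-suffix pattern and the sample files are constructed assumptions, since the page does not state the suffix the wiper appends.

```python
"""Triage scan for wiper damage: flags files whose contents have been
overwritten with zeros and separates them from files that merely look
encrypted. Added example; directory layout, extension list and the
sample fixture below are assumptions, not data from the article."""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Document extensions we expect to see renamed (assumption; the article
# does not list which types the wiper touches).
DOCUMENT_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".txt"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for all-zero data, close to 8 for ciphertext."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify_file(path: Path, sample_size: int = 4096) -> str:
    """Classify a file from its first `sample_size` bytes."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if not head:
        return "empty"
    if head.count(0) == len(head):
        return "zero_filled"      # overwritten: content is gone, not encrypted
    if shannon_entropy(head) > 7.5:
        return "high_entropy"     # possibly encrypted or compressed
    return "plausible"


def scan_directory(root: Path) -> dict:
    """Return {category: [relative paths]} for every regular file under root."""
    report = {"zero_filled": [], "high_entropy": [], "plausible": [],
              "empty": [], "renamed": []}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = str(path.relative_to(root))
        report[classify_file(path)].append(rel)
        # A document extension followed by an unfamiliar extra suffix is the
        # rename pattern; the real suffix the wiper appends is not on the page.
        suffixes = [s.lower() for s in path.suffixes]
        if (len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTS
                and suffixes[-1] not in DOCUMENT_EXTS):
            report["renamed"].append(rel)
    return report


def build_sample_tree() -> Path:
    """Constructed fixture: a temp dir with one intact file, one zero-filled
    renamed file and one random-content renamed file. Sample data only."""
    root = Path(tempfile.mkdtemp(prefix="wiper_triage_"))
    (root / "report.docx").write_bytes(b"Quarterly figures " * 200)
    (root / "cv.pdf.placeholderext").write_bytes(b"\x00" * 8192)
    (root / "photo.jpg.placeholderext").write_bytes(os.urandom(8192))
    return root


if __name__ == "__main__":
    tree = build_sample_tree()
    for category, files in scan_directory(tree).items():
        print(f"{category:13s} {files}")
```

Point `scan_directory` at a mounted image of the affected volume instead of the fixture. Files in the `zero_filled` bucket cannot be decrypted by anyone, which is why the only viable response to this family is restoring from offline backups rather than negotiating.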
How can you protect yourself against this?
Panda Adaptive Defense 360 not only analyzes the process chain of the suspicious email itself, but also blocks any unknown interaction that occurs by clicking on the attachment.
This means that unknown and possibly untrustworthy commands are not allowed to run in the first place. They are classified in real time by our algorithms at PandaLabs. Execution of the unknown Portable Executable (PE) is therefore interrupted, and only after classification by our malware analysts is it decided whether this chain is goodware or malware.
Proactive protection and the creation of a trusted environment are the only way to a secure IT infrastructure.
If you want to read the original article in German, please visit our blog.