Blackmail Trojan German Wiper Deletes Data | heise online

CERT-Bund, the emergency team of the BSI, currently warns of a particularly perfidious ransomware variant: the one to supposed application letter attached zip archive does not contain the resume as a Word document, but a Windows link file. This will start the Powershell in Windows when clicking, to reload the actual malware from a server, The application mail uses different names and sender domains so that the malware can not be reliably identified. Linguistically, the mail gives little reason for suspicion. As far as nothing new.

But those who innocently activate the GermanWiper-banned Trojan lose data permanently: instead of consuming it, the malware overwrites files with zeroes and changes the file extension before it displays the ransom note. You should definitely not follow him. The only key to recovering the data is your own backup after cleaning the PC.

Blackmail Trojan German Wiper deletes data

(Picture: TeroVesalainen)

What is the difference between crypto-miner and ransomware? And how safe is Windows? Answers to the most important questions about malicious software.

show more


. (TagsToTranslate) BSI (t) Application (t) CERT-Bund (t) e-mail (t) Ransomware