Engineering:Hitler-Ransomware

From HandWiki
Hitler-Ransomware
Hitler salute in front of lamppost.jpg
Image displayed on infected devices[1]
AliasesHitler-Ransonware
ClassificationRansomware
Point of originGermany
Written inEnglish

Hitler-Ransomware, or Hitler-Ransonware [sic], is a form of ransomware created in 2016 originating in Germany. It requests payment within one hour; otherwise, it will delete files from the infected computer.

History

Hitler-Ransomware was first developed in 2016. The ransomware activates with a lock screen with an image of Adolf Hitler giving a Nazi salute. The message on it states "This is the Hitler-Ransonware [sic]. Your files was encrypted! Do you decrypt your files?". It then demands payment in the form of a €25 Vodafone mobile phone gift card and gives the owner of the computer one hour to pay with a countdown timer accompanying.[2] Failing to pay the ransom when the one hour countdown timer reaches zero results in the system crashing with a blue screen of death and when the computer reboots, all of the files in the computer's user profile folders have been deleted.[3] Contrary to what it claims, the ransomware does not encrypt the computer files; instead, it runs a script to mislead people into thinking their files have been encrypted.[4]

The virus was discovered by the AVG Technologies analyst Jakub Kroustek. Upon further investigation of it, he determined that it likely originated in Germany as a prototype given that the batch file associated with it had the words "Das ist ein Test" (German: This is a Test) in it.[5] It is noted that while the Hitler ransomware's demand for payment in gift cards instead of Bitcoin was uncommon, it was not unique to this ransomware.[6] Spelling mistakes made in the demands have led technology journalists to joke that it could upset Grammar Nazis.[6]

An updated version of Hitler-Ransomware disguised as "CainXPii" called “Hitler 2" was later released. This version was similar to the original except that it corrected the spelling of "ransomware" and removed the countdown timer.[1] In January 2017, an updated version known as "The FINAL version" of Hitler-Ransomware was released.[7]

References

  1. 1.0 1.1 Britec Computers. Hitler 2 Ransomware prevents the use of Windows. YouTube. Retrieved 2018-02-14.
  2. "Hitler ransomware demands victims pay €25 in Vodafone Card and deletes files instead of encrypting". International Business Times. 2016-08-10. http://www.ibtimes.co.uk/hitler-ransomware-still-development-mode-deletes-files-demands-victims-pay-via-phone-top-card-1575265. 
  3. "This Week in Crude Attempts at Malware: 'Hitler-Ransomware'". Vice. 2016-08-09. https://motherboard.vice.com/en_us/article/53d5wq/this-week-in-crude-attempts-at-malware-hitler-ransomware. 
  4. "Development version of the Hitler-Ransomware Discovered". Bleepingcomputer.com. 2016-08-08. https://www.bleepingcomputer.com/news/security/development-version-of-the-hitler-ransomware-discovered/. 
  5. "Hitler 'ransomware' offers to sell you back access to your files – but just deletes them". The Register. https://www.theregister.co.uk/2016/08/10/hitler_ransomware/. 
  6. 6.0 6.1 Storm, Darlene (2016-08-10). "Thugs developing cat-themed ransomware for Androids and Hitler ransomware for PCs". Computerworld. https://www.computerworld.com/article/3106056/security/thugs-developing-cat-themed-ransomware-for-androids-and-hitler-ransomware-for-pcs.html. 
  7. "January 2017: The Month in Ransomware". Tripwire. 2017-02-08. https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/january-2017-month-ransomware/.