
GermanWiper Ransomware

Posted: August 5, 2019

The GermanWiper Ransomware is a file-wiping Trojan that imitates the symptoms of a file-locking one. Although the GermanWiper Ransomware creates ransom messages claiming that it can restore your files, victims should be aware that there is no 'unlocking' or decryption solution for this threat. Recover from appropriate backups, and use anti-malware products to delete the GermanWiper Ransomware or quarantine it safely.

Why There's Zero Benefit in Paying Criminals

The potential dishonesty of a Trojan's payload is easily overlooked if you're not used to dealing with such threats and are panicking after an infection. The GermanWiper Ransomware is one of the most prominent ransom-based Trojans today that takes advantage of that to make money at the victim's expense, in more ways than one. While aping file-locking Trojans of greater infamy, like the Crysis Ransomware and the RaaS industry, the GermanWiper Ransomware destroys files instead of locking them.

The GermanWiper Ransomware's symptoms are, externally, not much different from those of its 'competing' Trojans. It appends an extension of five random characters to any file that it attacks, and targets digital media, such as documents. It also changes the desktop's wallpaper and drops an HTML file as part of its ransom-demanding routine, which asks for Bitcoins for repairing your media.

However, unlike a genuine file-locking Trojan, the GermanWiper Ransomware doesn't encrypt the data. Instead, it overwrites it with zeroes, essentially 'wiping' the file of all meaningful information. Whether or not it also removes local backups is something that malware experts have yet to ascertain. Either way, there's no advantage in paying the ransom that the GermanWiper Ransomware demands; it can't unlock what's not locked in the first place.
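A triage check a responder could run over an affected folder, as an added example that is not part of the original article: it picks out files carrying a five-character extension and reports whether their content is all zero bytes (wiped, recoverable only from backups) or high-entropy (consistent with real encryption). The alphanumeric suffix pattern, the 7.5 bits-per-byte threshold and the sample file names are assumptions constructed for illustration.

```python
import math
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: the five appended characters are ASCII letters or digits.
SUFFIX_RE = re.compile(r"^\.[A-Za-z0-9]{5}$")
CHUNK = 1 << 20  # read 1 MiB at a time so large files do not exhaust memory

def classify(path):
    """Return 'zeroed', 'high-entropy' or 'other' for one file."""
    counts, total = Counter(), 0
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            counts.update(chunk)
            total += len(chunk)
    if total == 0:
        return "other"  # empty file: nothing to judge
    if counts[0] == total:
        return "zeroed"  # every byte is 0x00, matching the wiping behaviour
    entropy = -sum(c / total * math.log2(c / total) for c in counts.values())
    return "high-entropy" if entropy > 7.5 else "other"

def triage(root):
    """Map each file under root that has a five-character extension to its class."""
    results = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and SUFFIX_RE.match(p.suffix):
            results[str(p.relative_to(root))] = classify(p)
    return results

def build_sample(root):
    """Constructed sample data, not taken from a real infection."""
    root = Path(root)
    (root / "report.docx.a1B2c").write_bytes(b"\x00" * 8192)      # wiped
    (root / "photo.jpg.Zx9Qw").write_bytes(os.urandom(65536))     # encrypted-looking
    (root / "page.xhtml").write_bytes(b"<html><body>hi</body></html>\n" * 20)
    (root / "notes.txt").write_bytes(b"meeting notes\n" * 50)     # untouched
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, verdict in sorted(triage(build_sample(d)).items()):
            print(f"{verdict:13} {name}")
```

Legitimate five-character extensions such as `.xhtml` match the name pattern, which is why the verdict comes from the content check rather than the file name.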

Subtracting File-Destroying Tactics from Your Life

The GermanWiper Ransomware is far from a unique snowflake; file-wiping Trojans with similar tactics are evident throughout 2019 and previously. The All-in-One Ransomware, the ZeroAdypt Ransomware, and the non-commercial Pure Goof Wiper are different examples of how Trojans can destroy files and use social engineering against their victims simultaneously. In all cases, malware experts warn against paying ransoms and are happy to note that the GermanWiper Ransomware's Bitcoin wallet is empty.

The GermanWiper Ransomware's current campaign is specific to German-speaking victims, with suitably customized infection tactics. E-mail attacks bearing fictitious job applications are luring PC users into opening corrupted, ZIP-compressed attachments. Although the GermanWiper Ransomware makes up a significantly smaller proportion of attacks of this type than Ransomware-as-a-Service families like the Scarab Ransomware, users should remain cautious and scan file attachments before opening them.

Two out of three anti-malware services identify and remove the GermanWiper Ransomware appropriately, and malware experts expect that number to rise as improvements to detection heuristics become available.

Rewarding crime pays paltry dividends, no matter how desperate you are to get your work back to normal. File-wiping Trojans like the GermanWiper Ransomware are counting on emotions overriding rationality, whereas PC owners should always prioritize well-reasoned responses to Trojan assaults.
