A new week, a new virus threat. This time it is Ordinypt. Since the beginning of this week there have been more and more reports of a new wave of ransomware attacking German companies.
Ordinypt: The application letter
Like many of its predecessors, the new Ordinypt ransomware wave spreads via e-mail. This time a classic phishing technique is used: the malware is distributed via a fake application letter from an “Eva Müller”. The e-mail refers to a job advertisement allegedly posted by the employment agency.
This e-mail is a good illustration of two tell-tale signs of phishing e-mails. First, no contact person is named for the application; a generic address is used instead. Second, the e-mail does not say which position it refers to. With such unspecific e-mails carrying a file attachment, it is best to become sceptical immediately and, in case of doubt, not to open them.
Ordinypt: Another Ransomware
The attachment to this e-mail is a compressed zip file named “Eva Richter Bewerbung und Lebenslauf.zip”. Unpacking this zip file does not by itself perform any malicious functions. Once unpacked, it yields a file named “Eva Richter Bewerbung und Lebenslauf.pdf.exe”.
Fake curriculum vitae that launches Ordinypt (Source: bleepingcomputer.com).
For a Windows user who has file extensions hidden, this file would look like a PDF. In fact it is a program that encrypts the victim’s data and demands a ransom of about 1300€ in Bitcoin for the decryption. The cryptic string “MyyqA” is used as the file extension of the encrypted data.
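A mail-gateway style check for the disguise described above, as an added example that is not part of the original article: it lists the members of a zip attachment and flags names where a document extension is followed by an executable one. The extension sets and the second sample file name are assumptions made for this example.

```python
import io
import zipfile

# Assumed lists for this example; extend them for your environment.
EXECUTABLE_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def is_disguised_executable(name: str) -> bool:
    """True if the name ends in <decoy ext>.<executable ext>, e.g. 'cv.pdf.exe'."""
    # Use only the final path component; Windows ignores trailing spaces and dots.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .")
    # Strip each part so padding spaces before the real extension do not hide it.
    parts = [p.strip().lower() for p in base.split(".")]
    return (len(parts) >= 3
            and parts[-1] in EXECUTABLE_EXT
            and parts[-2] in DECOY_EXT)


def scan_zip_attachment(data: bytes) -> list[str]:
    """Return the archive members whose names look like disguised executables.

    Only the zip directory is read, nothing is extracted. Raises
    zipfile.BadZipFile if the attachment is not a readable zip, so the
    caller can quarantine it instead of passing it on unchecked.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [info.filename for info in zf.infolist()
                if not info.is_dir() and is_disguised_executable(info.filename)]


def build_sample_zip() -> bytes:
    """Constructed sample: harmless placeholder bytes, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # File name from the article.
        zf.writestr("Eva Richter Bewerbung und Lebenslauf.pdf.exe", b"placeholder")
        # Constructed benign name for contrast.
        zf.writestr("Anschreiben.pdf", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member in scan_zip_attachment(build_sample_zip()):
        print("blocked:", member)
```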
Protection against ransomware such as Ordinypt
Effective protection against viruses and ransomware such as Ordinypt is very difficult on the technical side. Especially when a company is one of the first targets of a malware wave, many antivirus products do not yet recognize the malware as such. Therefore, the greatest protection against such attacks is a trained and alert employee who knows how to detect the tricks of a phishing and malware attack. Companies should therefore ensure that all employees are trained regularly on how to detect new scams. Furthermore, all administrators should try to inform their employees about malware waves such as Ordinypt.