Ordinypt: A new Germany-wide Ransomware wave!

M.Sc. Chris Wojzechowski


A new week, a new virus threat. This time it is Ordinypt. Since the beginning of this week there have been more and more reports of a new wave of ransomware attacking German companies.

Ordinypt: The application letter

Like many of its predecessors, the new Ordinypt ransomware wave spreads via e-mail. This time a classic phishing technique is used: the malware is distributed via a fake application letter from an “Eva Müller”. The e-mail refers to a job advertisement allegedly posted by the employment agency.

Ordinypt Spam E-Mail (Source: bleepingcomputer.com)

This e-mail nicely illustrates two telltale signs of phishing e-mails. First, no contact person is named for the application; a generic address is used instead. Second, the e-mail does not indicate which position it refers to. With such unspecific e-mails carrying a file attachment, it is best to become sceptical immediately and, in case of doubt, not to open them.

Ordinypt: Another Ransomware

The attachment to this e-mail is a compressed zip file named “Eva Richter Bewerbung und Lebenslauf.zip”. Unpacking this zip file does not in itself perform any malicious function. Once unpacked, it yields a file named “Eva Richter Bewerbung und Lebenslauf.pdf.exe”.

Ordinypt installer: the fake curriculum vitae that starts Ordinypt (Source: bleepingcomputer.com).

For a Windows user who has file extensions hidden, this file would look like a PDF. In fact it is a program that encrypts the victim’s data and demands a ransom of about 1300€ in Bitcoin for decryption. The cryptic string “MyyqA” is used as the file extension of the encrypted data.

Protection against ransomware such as Ordinypt

Effective protection against viruses and ransomware such as Ordinypt is very difficult on the technical side. Especially when a company is one of the first targets of a malware wave, many antivirus products do not yet recognize the malware as such. The greatest protection is therefore a trained and alert employee who knows how to detect the tricks of a phishing and malware attack. All employees should be trained regularly on how to detect new scams. Furthermore, all administrators should try to inform their employees about malware waves such as Ordinypt.


My name is Chris Wojzechowski and I studied for my Master's in Internet Security in Gelsenkirchen a few years ago. I am one of two managing directors of AWARE7 GmbH and a trained IT Risk Manager and IT-Grundschutz practitioner (TÜV), and I possess the test procedure competence for § 8a BSIG. Our bread and butter business is performing penetration testing. We are also committed to promoting a broad understanding of IT security in Europe, which is why we offer the majority of our products free of charge.