About us

Certifications

Memberships

Commitment

Industries

PRESS

Career

Contact us

Offensive Security

Ordinypt: A new Germany-wide Ransomware wave!

Ordinypt: A new Germany-wide Ransomware wave!

A new week, a virus threat. This time Ordinypt. Since the beginning of this week there are more and more reports of a new wave of Ransomware which attacks German companies.

Ordinypt: The application letter

The new Ordinypt Ransomeware wave distributes itself like many of your predecessors also via e-mails. This time a classic of phishing techniques is used. The malware is distributed via a fake application letter from an “Eva Müller”. The e-mail refers to a job advertisement allegedly posted by the employment agency.

Spam-Email
Ordinypt Spam E-Mail (Source: bleepingcomputer.com)

This e-mail is a very nice way to recognize two tricks for phishing e-mails. On the one hand no contact persons are named for the application, but a generic address is used. Furthermore, the e-mail does not indicate to which position it refers. With such unspecific e-mails with a file attachment, it is best to become sceptical directly and not to open them in case of doubt.

Ordinypt: Another Ransomware

The attachment to this e-mail contains a compressed zip file with the name “Eva Richter Bewerbung und Lebenslauf.zip”. This zip file alone does not perform any malicious functions when unpacked. If this file should be unpacked, it contains a file name “Eva Richter Bewerbung und Lebenslauf.pdf.exe”.

Ordinypt Installer Gefakter Curriculum Vitae which Ordinypt starts (Source: bleepingcomputer.com).

For a Windows user who has hidden the file extensions, this file would look like a PDF. But it is a software that encrypts the victim’s data and requires a ransom of about 1300€ in Bitcoin for the decryption. The cryptic string “MyyqA” is used as the file extension of the encrypted data.

A protection against ransomware such as Ordinypt

Effective protection against viruses and ransomware such as Ordinypt is very difficult on the technical side. Especially when a company is one of the first targets of a malware wave, many antivirus products do not yet recognize it as such. Therefore, the greatest protection against such is a trained and alert employee who knows the tricks of a phishing and malware attack to detect. This should ensure that all employees are trained regularly on how to detect new scams. Furthermore, all administrators should try to inform their employees about malware waves such as Ordinypt.

Photo of author

Chris Wojzechowski

Mein Name ist Chris Wojzechowski und ich habe vor wenigen Jahren meinen Master in Internet-Sicherheit in Gelsenkirchen studiert. Ich bin geschäftsführender Gesellschafter der AWARE7 GmbH und ausgebildeter IT-Risk Manager, IT-Grundschutz Praktiker (TÜV) und besitze die Prüfverfahrenskompetenz für § 8a BSIG. Unser Brot und Buttergeschäft ist die Durchführung von Penetrationstests. Wir setzen uns darüber hinaus für ein breites Verständnis für IT-Sicherheit in Europa ein und bieten aus diesem Grund den Großteil unserer Produkte kostenfrei an.

AWARE7 GmbH

Munscheidstr. 14
45886 Gelsenkirchen

Tel. +49 (0) 209 - 8830 6760
Fax. +49 (0) 209 - 8830 6769
Mail info@aware7.de

Opening hours
Monday - Friday
8:00 - 17:00

COMPANY

About us

Certifications

Memberships

Commitment

Code of Conduct

Career

Contact us

AWARENESS

Live Hacking Show

Managed Phishing Simulation

RESOURCES

IT-Security Blog

Media package

Success Stories

OFFENSIVE SERVICES

Penetration test

Vulnerability scan

IT security emergency

360° SME analysis

CONTACT

Contact form

Call for proposal (CfP)

CONSULTING

ISMS consulting

External information security officer

Imprint Privacy policy
Directions

All prices incl. VAT.