
Ordinypt: A new Germany-wide Ransomware wave!


A new week, a new virus threat: this time it is Ordinypt. Since the beginning of this week, there have been more and more reports of a new ransomware wave attacking German companies.

Ordinypt: The application letter

Like many of its predecessors, the new Ordinypt ransomware wave spreads via e-mail. This time a classic phishing technique is used: the malware is distributed via a fake job application from an “Eva Müller”. The e-mail refers to a job advertisement allegedly posted by the employment agency.

Ordinypt Spam E-Mail (Source: bleepingcomputer.com)

This e-mail illustrates two tell-tale signs of phishing e-mails. First, no contact person is named for the application; a generic address is used instead. Second, the e-mail does not say which position it refers to. With such unspecific e-mails carrying a file attachment, it is best to be sceptical from the start and, when in doubt, not to open them.

Ordinypt: Another Ransomware

The attachment to this e-mail is a compressed zip file named “Eva Richter Bewerbung und Lebenslauf.zip”. Unpacking this zip file does not by itself perform any malicious function. Once unpacked, it yields a file named “Eva Richter Bewerbung und Lebenslauf.pdf.exe”.

Ordinypt installer: fake curriculum vitae that starts Ordinypt (Source: bleepingcomputer.com).

For a Windows user who has file extensions hidden, this file would look like a PDF. In fact, it is a program that encrypts the victim’s data and demands a ransom of about 1300€ in Bitcoin for decryption. The cryptic string “MyyqA” is used as the file extension of the encrypted data.
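The double extension described above can be detected from the archive's file listing alone, without unpacking anything. The following Python sketch is an added example, not part of the original article; the extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for this example; extend them to match local mail policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".pif"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def classify(name: str) -> str:
    """Return 'double-extension', 'executable' or 'ok' for one archive member."""
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    suffixes = [s.lower() for s in PurePosixPath(name.rstrip(". ")).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # A document-like extension directly before the executable one is the
    # "looks like a PDF when extensions are hidden" pattern.
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_zip(data: bytes) -> dict[str, str]:
    """Map each flagged member name to its verdict; only the listing is read."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        verdicts = {info.filename: classify(info.filename) for info in zf.infolist()}
    return {name: v for name, v in verdicts.items() if v != "ok"}


def build_sample() -> bytes:
    """Constructed sample archive: harmless placeholder bytes, names only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Eva Richter Bewerbung und Lebenslauf.pdf.exe", b"placeholder")
        zf.writestr("Anschreiben.pdf", b"placeholder")
        zf.writestr("tools/setup.exe", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, verdict in scan_zip(build_sample()).items():
        print(f"{verdict:17} {name}")
```

A mail filter could quarantine attachments with a `double-extension` verdict outright and route plain `executable` verdicts to review.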

Protection against ransomware such as Ordinypt

Effective technical protection against viruses and ransomware such as Ordinypt is very difficult. Especially when a company is among the first targets of a malware wave, many antivirus products do not yet recognize the malware as such. The greatest protection is therefore a trained and alert employee who knows the tricks of phishing and malware attacks and can detect them. Companies should ensure that all employees are trained regularly on how to detect new scams. Furthermore, all administrators should try to inform their employees about malware waves such as Ordinypt.


Chris Wojzechowski

My name is Chris Wojzechowski, and a few years ago I completed my Master's degree in Internet Security in Gelsenkirchen. I am managing partner of AWARE7 GmbH, a trained IT risk manager and IT-Grundschutz practitioner (TÜV), and I hold the audit procedure competence for § 8a BSIG. Our bread-and-butter business is conducting penetration tests. Beyond that, we advocate a broad understanding of IT security in Europe and for this reason offer most of our products free of charge.