Hitler ransomware just deletes files instead of encrypting them

Pierluigi Paganini August 14, 2016

Security experts detected and analyzed a new threat, the Hitler ransomware, that doesn’t encrypt files but simply deletes them.

Ransomware is one of the most dreaded threats for Internet users and a profitable business for crooks. In recent months we have seen a number of malware families belonging to this category. One of the most recent is a Hitler-themed ransomware that doesn’t encrypt files, but simply deletes them.

Hitler ransomware

In reality, the threat appears to be a work-in-progress project developed by coders without specific skills.

The Windows ransomware displays a lock screen featuring Hitler, together with a message that warns users that files have been encrypted.

The ransomware requests a payment of only 25 euros, in the form of a Vodafone cash card, which is unusual for this kind of crime.

The lock screen features the misspelling “Ransonware.”

The website Bleeping Computer published a detailed analysis of the Hitler ransomware that was first spotted by the malware analyst Jakub Kroustek from AVG.

“This ransomware appears to be a test variant based on the comments in the embedded batch file and because it does not encrypt any files at all. Instead this malware will remove the extension for all of the files under various directories, display a lock screen, and then show a one hour countdown as shown in the lock screen below,” reads the post published by Bleeping Computer. “After that hour it will crash the victim’s computer, and on reboot, delete all of the files under the %UserProfile% of the victim. I hope this is not the actual code that this ransomware developer plans on using if it goes live.”

The experts found the string “Das ist ein Test” (“This is a test”) in an embedded batch file, a circumstance that suggests the developers are based in Germany.
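The analysis quoted above says the malware removes the extension from files under various directories before the countdown starts, which gives defenders a behavioral signal that precedes the deletion. The Python below is an added example, not code from the article or from Bleeping Computer: it flags any process that strips extensions from many files within a short window. The event tuple layout, process names, paths, threshold and window are assumptions, and the events are constructed.

```python
"""Flag processes that strip file extensions in bulk (constructed sample data)."""
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed rename events: (timestamp, process, old path, new path).
# Process names, paths and this tuple layout are assumptions for the example.
SAMPLE_EVENTS = [
    ("2016-08-14T10:00:01", "sample.exe", r"C:\Users\bob\Pictures\a.jpg", r"C:\Users\bob\Pictures\a"),
    ("2016-08-14T10:00:02", "sample.exe", r"C:\Users\bob\Documents\cv.docx", r"C:\Users\bob\Documents\cv"),
    ("2016-08-14T10:00:02", "sample.exe", r"C:\Users\bob\Music\s.mp3", r"C:\Users\bob\Music\s"),
    ("2016-08-14T10:00:04", "sample.exe", r"C:\Users\bob\Desktop\n.txt", r"C:\Users\bob\Desktop\n"),
    # Ordinary rename that keeps an extension: must not count.
    ("2016-08-14T10:05:00", "explorer.exe", r"C:\Users\bob\Desktop\old.txt", r"C:\Users\bob\Desktop\new.txt"),
    # Occasional extension removal spread over hours: below the threshold.
    ("2016-08-14T09:00:00", "tool.exe", r"C:\Users\bob\x.log", r"C:\Users\bob\x"),
    ("2016-08-14T11:00:00", "tool.exe", r"C:\Users\bob\y.log", r"C:\Users\bob\y"),
    ("2016-08-14T13:00:00", "tool.exe", r"C:\Users\bob\z.log", r"C:\Users\bob\z"),
]

THRESHOLD = 3                    # assumed: stripped files needed to alert
WINDOW = timedelta(seconds=60)   # assumed: sliding window length


def strips_extension(old, new):
    """True when a rename keeps folder and base name but drops the extension."""
    o, n = PureWindowsPath(old), PureWindowsPath(new)
    return (o.suffix != "" and n.suffix == ""
            and o.parent == n.parent and o.stem.lower() == n.name.lower())


def detect(events, threshold=THRESHOLD, window=WINDOW):
    """Return {process: peak count} for processes reaching threshold in a window."""
    hits = defaultdict(list)
    for ts, proc, old, new in events:
        if strips_extension(old, new):
            hits[proc.lower()].append(datetime.fromisoformat(ts))
    alerts = {}
    for proc, times in hits.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # shrink window from the left
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[proc] = peak
    return alerts


if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```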


(Security Affairs – Hitler ransomware, malware)


