Hitler-Ransomware
Image displayed on infected devices[1] | |
Aliases | Hitler-Ransonware |
---|---|
Classification | Ransomware |
Point of origin | Germany |
Written in | English |
Hitler-Ransomware, or Hitler-Ransonware [sic], is a form of ransomware created in 2016 originating in Germany. It requests payment within one hour; otherwise, it will delete files from the infected computer.
History
Hitler-Ransomware was first developed in 2016. The ransomware activates with a lock screen with an image of Adolf Hitler giving a Nazi salute. The message on it states "This is the Hitler-Ransonware [sic]. Your files was encrypted! Do you decrypt your files?". It then demands payment in the form of a €25 Vodafone mobile phone gift card and gives the owner of the computer one hour to pay with a countdown timer accompanying.[2] Failing to pay the ransom when the one hour countdown timer reaches zero results in the system crashing with a blue screen of death and when the computer reboots, all of the files in the computer's user profile folders have been deleted.[3] Contrary to what it claims, the ransomware does not encrypt the computer files; instead, it runs a script that disassociates all file types to mislead people into thinking their files have been encrypted.[4]
The virus was discovered by the AVG Technologies analyst Jakub Kroustek. Upon further investigation of it, he determined that it likely originated in Germany as a prototype given that the batch file associated with it had the words "Das ist ein Test" (German: This is a Test) in it.[5] It is noted that while the Hitler ransomware's demand for payment in gift cards instead of Bitcoin was uncommon, it was not unique to this ransomware.[6] Spelling mistakes made in the demands have led technology journalists to joke that it could upset Grammar Nazis.[6]
An updated version of Hitler-Ransomware disguised as "CainXPii" called "Hitler 2" was later released. This version was similar to the original except that it corrected the spelling of "ransomware" and removed the countdown timer.[1] In January 2017, an updated version known as "The FINAL version" of Hitler-Ransomware was released.[7]
References
- ^ a b Britec Computers. Hitler 2 Ransomware prevents the use of Windows. YouTube. Retrieved 2018-02-14.
- ^ "Hitler ransomware demands victims pay €25 in Vodafone Card and deletes files instead of encrypting". International Business Times. 2016-08-10. Retrieved 2018-02-14.
- ^ "This Week in Crude Attempts at Malware: 'Hitler-Ransomware'". Vice. 2016-08-09. Retrieved 2018-02-14.
- ^ "Development version of the Hitler-Ransomware Discovered". Bleepingcomputer.com. 2016-08-08. Retrieved 2018-02-14.
- ^ "Hitler 'ransomware' offers to sell you back access to your files – but just deletes them". The Register. Retrieved 2018-02-14.
- ^ a b Storm, Darlene (2016-08-10). "Thugs developing cat-themed ransomware for Androids and Hitler ransomware for PCs". Computerworld. Retrieved 2018-02-14.
- ^ "January 2017: The Month in Ransomware". Tripwire. 2017-02-08. Retrieved 2018-02-14.
- v
- t
- e
← 2000s | Timeline | 2020s → |
2010 |
|
---|---|
2011 | |
2012 | |
2013 | |
2014 | |
2015 | |
2016 |
|
2017 | |
2018 | |
2019 |
persistent threats
- Bangladesh Black Hat Hackers
- Bureau 121
- Charming Kitten
- Cozy Bear
- Dark Basin
- DarkMatter
- Elfin Team
- Equation Group
- Fancy Bear
- GOSSIPGIRL (confederation)
- Guccifer 2.0
- Hacking Team
- Helix Kitten
- Iranian Cyber Army
- Lazarus Group (BlueNorOff) (AndAriel)
- NSO Group
- Numbered Panda
- PLA Unit 61398
- PLA Unit 61486
- PLATINUM
- Pranknet
- Red Apollo
- Rocket Kitten
- Stealth Falcon
- Syrian Electronic Army
- Tailored Access Operations
- The Shadow Brokers
- Yemen Cyber Army
- Cyber Anakin
- George Hotz
- Guccifer
- Jeremy Hammond
- Junaid Hussain
- Kristoffer von Hassel
- Mustafa Al-Bassam
- MLT
- Ryan Ackroyd
- Sabu
- Topiary
- Track2
- The Jester
publicly disclosed
- Evercookie (2010)
- iSeeYou (2013)
- Heartbleed (2014)
- Shellshock (2014)
- POODLE (2014)
- Rootpipe (2014)
- Row hammer (2014)
- SS7 vulnerabilities (2014)
- JASBUG (2015)
- Stagefright (2015)
- DROWN (2016)
- Badlock (2016)
- Dirty COW (2016)
- Cloudbleed (2017)
- Broadcom Wi-Fi (2017)
- EternalBlue (2017)
- DoublePulsar (2017)
- Silent Bob is Silent (2017)
- KRACK (2017)
- ROCA vulnerability (2017)
- BlueBorne (2017)
- Meltdown (2018)
- Spectre (2018)
- EFAIL (2018)
- Exactis (2018)
- Speculative Store Bypass (2018)
- Lazy FP state restore (2018)
- TLBleed (2018)
- SigSpoof (2018)
- Foreshadow (2018)
- Dragonblood (2019)
- Microarchitectural Data Sampling (2019)
- BlueKeep (2019)
- Kr00k (2019)
2010 |
|
---|---|
2011 | |
2012 | |
2013 | |
2014 | |
2015 | |
2016 |
|
2017 | |
2018 | |
2019 |
|