Germany's security experts have issued a warning about a new virus dubbed GermanWiper, which demands a ransom from victims after erasing the data on their computers.
GermanWiper, as its name suggests, completely erases the user's data. What sets the virus apart is that it does not encrypt user files but overwrites their content with zeros and copies, which permanently destroys the user's data.
The virus was first reported on the BleepingComputer forum on July 30 this year, where a large number of users complained about a program that not only destroys their files but also demands a ransom for their return.
Later, the German Computer Emergency Response Team (CERT) revealed that the virus was being spread through malicious email links, specifically targeted at HR employees at job application firms.
The email messages carry an attached CV (a ZIP file) along with an LNK shortcut file. When a user opens the ZIP file, the LNK file loads and starts installing the virus. Once installation is complete, the program overwrites the contents of the targeted files with null characters. It also adds new extensions to these files, such as .AVco3, .08kJA, .rjzR8, .OQn1B, etc.
After overwriting the contents of all files, the virus opens a ransom note (written in German) in the default browser on the infected computer. The note says victims have seven days to pay the ransom, although paying does not help users recover their data.
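The two file traits described above (content overwritten with null characters, plus an added extension) can be checked during triage to tell wiped files from encrypted ones. This is an added example, not code from the original article; it assumes the added extension is always five alphanumeric characters, as in the four samples listed, and all file names in it are constructed.

```python
import os
import re
import tempfile

# Assumption: the four sample extensions in the article are each five
# alphanumeric characters, so that shape is used as the match pattern.
WIPER_EXT = re.compile(r"\.[A-Za-z0-9]{5}$")


def is_null_filled(path, chunk_size=1 << 20):
    """True if the file is non-empty and contains only 0x00 bytes."""
    if os.path.getsize(path) == 0:
        return False
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            if chunk.strip(b"\x00"):  # anything left means real data
                return False
    return True


def find_wiped_files(root):
    """Paths under root with a wiper-style extension AND null-only content."""
    hits = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            if WIPER_EXT.search(name) and is_null_filled(path):
                hits.append(path)
    return sorted(hits)


def demo():
    """Run the check on constructed sample files (not real artifacts)."""
    samples = {
        "cv.docx.AVco3": b"\x00" * 4096,   # both traits: reported
        "notes.rjzR8": b"still has data",  # extension only: skipped
        "zeros.txt": b"\x00" * 16,         # nulls only: skipped
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in find_wiped_files(root)]


if __name__ == "__main__":
    print(demo())
```

A file that matches both traits holds no ciphertext to decrypt, so recovery has to come from backups.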
Surprisingly, GermanWiper is not the first extortion virus to delete data on the computers of German-speaking users. In 2017, an extortion virus named HSDFSDCrypt targeted a large number of German-speaking users and ultimately destroyed their files.
This extortion virus also used beautiful women to spread malware and infect users' computers.
Experts are currently warning users about the new Lord Exploit virus, which spreads the extortion virus through deceptive websites. It is part of a malware chain and uses a fake site to redirect potential victims to the malicious page.