Crooks have bared no efforts to masquerade with users’ personal data. This time they have masked themselves in the Nazi dictator- Hitler’s coherence. Recently, attacks of Hitler Ransomware were noted, which dispatch a bundle of files to users’ system.
The malicious program, once installed on the user’s system, claims to encrypt all files, demands ransom (payable within an hour) and gives a warning to innocent users’. This waring states- failure of ransom payment would lead to deletion of all files. But there are some hidden characters of this Trojan. The Ransomware doesn’t really encrypt files, but in reality it removes the file extensions.
The Trojan’s Infection
It is transmitted via spam emails with fake PDF or Microsoft Word attachments. Although, these attachments don’t open when launched. Researches on it shows that, it is actually a Windows installer converted from a batch file. Once it is successfully installed, it silently drops three files- (“ErOne.vbs” ; “chrst.exe” , and; “firefox32.exe” ), to the user’s “%Temp%” folder. Amongst these three files, “firefox32.exe” file is also copied to the “Common Startup” folder, which runs when user reboot the system.
Hitler Ransomware, after locking the system of a user, demands ransom. It demands 25 Euro, which is payable via a Vodafone cash card. This time, the criminals haven’t really kept this ransom payment very high (which is generally .5 to 1.5 Bitcoin) as well as the mode of payment is easier to trace.
Image Source: google.com
On the lock screen of the system, the malware also shows a timer. It gives one hour’s time to a user for the payment of ransom. Failing to do so results in deletion of all files. Once the time is over, the Trojan reboots the system and deletes all files saved within the “%UserProfile%” folder.
Apart from this, it also continuously analyzes the running programs and automatically dismisses “taskmgr” (Windows Task Manager), “utilman” (a tool used to configure Windows startup settings), “sethc” (a process enabling Windows shortcut keys), and “cmd” (Windows Command Prompt).
What’s Different about this Ransomware
There are a certain facets of Hitler Ransomware that makes it little different from the others of its types.
- It seems to be an underdeveloped Ransomware: Researches clarifies that the batch file of this malicious program contains a message in German. It states that this is a test. Further, it clears out that the Ransomware is not fully developed one and the criminals have just put up a trial and error ransomware. It can also be assumed that the developers of the cyberware may come up with a variant of the same malware, which might be stronger and hard to break.
- This demands little money: This is an unusual facet about Hitler Ransomware. Unlike other, it burdens innocent users with little ransom only. It is just 25 Euro. Up until now, similar malware programs have demanded 0.5 to 1.5 Bitcoin. Currently, 1 Bitcoin is equivalent to 528 Euro (round figure).
- It deletes files altogether: We have seen ransomware locking out the user from system access, encrypted files and also changing the file extensions. But this ransomware deletes files altogether. It deletes files from user profile folder. Below are mentioned the file types it bulls.
Protection Against Hitler Ransomware
Instead of falling prey to ransomware and paying ransom, you should protect your files beforehand. Ensure that all your files are safe and secure by using Right Backup app. Right Backup is an app which helps you safeguard your files on cloud storage. Cloud storage is one of the and safest way to keep all data protected. And Right Backup does it appositely. It is a simple to use app with amazing features of data restoration and automatic backup. The app allows-
- Access from anywhere, at any time
- Quick data restoration
- Schedule of backup for automatic backup plans
- Backup of all major file formats
Be smart and protect your files from the strongest of all malware, with Right Backup app. You can get the app from here.