{"id":11482,"date":"2016-08-21T17:10:54","date_gmt":"2016-08-21T21:10:54","guid":{"rendered":"http:\/\/www.thundercloud.net\/infoave\/new\/?p=11482"},"modified":"2016-08-21T17:10:54","modified_gmt":"2016-08-21T21:10:54","slug":"the-hitler-ransonware-another-attempt-to-steal-your-money","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/the-hitler-ransonware-another-attempt-to-steal-your-money\/","title":{"rendered":"The Hitler &#8220;Ransonware&#8221; (Another attempt to steal your money)"},"content":{"rendered":"<h1>The Hitler &#8220;Ransonware&#8221; (Another attempt to steal your money)<\/h1>\n<blockquote><p>Cybercrooks have put together Hitler-themed ransomware that simply deletes files on encrypted PCs.<\/p>\n<p>The (apparently prototype) Windows malware displays a lock screen<sup>1<\/sup> featuring the infamous Austrian dictator, together with a demand falsely stating that files have been encrypted.<\/p>\n<p>The ransomware says files can supposedly be recovered by paying 25 euros, in the form of a Vodafone cash card \u2013 which is more traceable than BitCoin.<\/p>\n<p>The ransomware appears to be a test variant put together by unskilled coders, as a <a href=\"http:\/\/www.bleepingcomputer.com\/news\/security\/development-version-of-the-hitler-ransomware-discovered\/\" target=\"_blank\">blog post<\/a> by IT help site Bleeping Computer explains.<\/p>\n<p>\u201cIt does not encrypt any files at all. Instead this malware will remove the extension for all of the files under various directories, display a lock screen, and then show a one hour countdown as shown in the lock screen below.<\/p>\n<p>After that hour it will crash the victim&#8217;s computer, and on reboot, delete all of the files under the [use profile] of the victim,\u201d it adds.<\/p>\n<p>German language text found within an embedded batch file associated with the malware states \u201cDas ist ein Test\u201d (\u201cThis is a test\u201d)&#8230;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full\" src=\"http:\/\/thundercloud.net\/infoave\/images\/2016\/hitler.jpg\" alt=\"\" width=\"648\" height=\"479\" \/><\/p>\n<p>Malware that falsely claims to have encrypted files when in reality it has deleted them has been seen before, in the shape of the earlier <a href=\"http:\/\/www.theregister.co.uk\/2016\/07\/12\/file_deleting_ransomware_scam\/\" target=\"_blank\">Ranscam threat<\/a> \u2013 so the Hitler ransomware is no more innovative as a scam than it is as a piece of malicious code.<\/p>\n<p>Thomas Pore, director of IT at security analytics firm Plixer, reckons the half-baked cybercrime threat could still make money.<\/p>\n<p>\u201cIt\u2019s interesting that this variant does not actually encrypt the files, possibly for detection avoidance,\u201d Pore said. \u201cHowever the approach to delete all of the files upon reboot after initiating an OS crash leaves users few alternatives. This is why users will likely continue to pay the ransom&#8230;&#8221;<\/p><\/blockquote>\n<p>Source:\u00a0&#8220;The Register&#8221;. <a href=\"http:\/\/www.theregister.co.uk\/2016\/08\/10\/hitler_ransomware\/\" target=\"_blank\">Read the complete article here.<\/a><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Hitler &#8220;Ransonware&#8221; (Another attempt to steal your money) Cybercrooks have put together Hitler-themed ransomware that simply deletes files on encrypted PCs. The (apparently prototype) Windows malware displays a lock screen1 featuring the infamous Austrian dictator, together with a demand falsely stating that files have been encrypted. The ransomware says files can supposedly be recovered by paying 25\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.thundercloud.net\/infoave\/new\/the-hitler-ransonware-another-attempt-to-steal-your-money\/\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1655,1433,1669,1,1426,1670,1656,1654],"tags":[],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/11482"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=11482"}],"version-history":[{"count":1,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/11482\/revisions"}],"predecessor-version":[{"id":11483,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/11482\/revisions\/11483"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media?parent=11482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=11482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=11482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}