
Ordinypt: A Ransomware Outbreak Without Consequences

Tuesday, November 14th, 2017 | bitcoin updates

      
    

      

    

    
    
      
14.11.2017 16:53 Fabian A. Scherschel
          
      
      
      
      
    

    
        
            
        
        
    
    
Distribution of Ordinypt outbreaks in Europe according to ID Ransomware (Image: Michael Gillespie)
            
The extortion Trojan Ordinypt apparently had great potential to cause damage in the German IT landscape. However, it seems to have been distributed only to a relatively small group of recipients.
            
            
            
The supposed crypto-Trojan Ordinypt (or HSDFSDCrypt) had the potential to set off an avalanche of infected computers. The people behind it had sent well-made, almost flawless German-language phishing emails to strategically chosen addresses in HR departments. With Goldeneye, countless companies had fallen victim to this strategy. Ordinypt, however, was apparently distributed to relatively few recipients, almost none of whom were infected by the Delphi malicious code disguised as a PDF.
The attackers have probably been active for some time
And that despite the fact that Ordinypt has been arriving on the mail servers of heise Security readers for a good two weeks. One reader reports having recorded the first phishing mail following the current pattern as early as mid-May, although at that time it had a variant of the Cerber Trojan attached.
The distribution of Ordinypt itself seems to have been very sparse. Security researcher Michael Gillespie, who discovered the Trojan when unknown persons uploaded a version of the ransom note and later a sample of the Trojan to his website, ID Ransomware, has since received only a few dozen submissions from victims of the malicious code. Most of these hits reached the site from Germany, as Gillespie illustrated to heise Security.
Here's the past 7 days of submissions to ID Ransomware, just before the 6th (detected at least). Used to call it "HSDFSDCRYPT", hence the two names. Pretty much only saw it for a few days. pic.twitter.com/gVxWZYXPwJ
- Michael Gillespie (@demonslay335) November 13, 2017
A lucky escape
This coincides with the findings of other security researchers and reports from our readers. For some, the malicious attachment of the phishing emails was already neutralized on the mail server because they had configured the mail system to render executable mail attachments harmless, a standard security precaution. Similarly, proactive measures and rapid detection of the Trojan by many AV programs soon after Ordinypt first appeared probably prevented worse.
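The mail-server precaution described above, sketched as an added example (not heise's or any reader's actual configuration): a Python filter that replaces attachments that are Windows executables by name or by content, so an EXE named like a PDF is still caught. The extension list, the placeholder file name and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Illustrative block list (an assumption, not taken from the article).
BLOCKED_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

def is_executable(filename, payload):
    """True if the attachment is executable by name or by content."""
    name = (filename or "").lower().strip()
    by_name = name.endswith(BLOCKED_EXT)
    by_magic = payload[:2] == b"MZ"  # DOS/PE header, whatever the name claims
    return by_name or by_magic

def neutralize(raw_bytes):
    """Return (cleaned message bytes, names of the attachments replaced)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    removed = []
    # Top-level attachments only; nested messages and archives are out of scope.
    for part in list(msg.iter_attachments()):
        payload = part.get_payload(decode=True) or b""
        fname = part.get_filename()
        if is_executable(fname, payload):
            removed.append(fname)
            # set_content() clears the old body and Content-* headers first.
            part.set_content(
                "Executable attachment %r removed by mail filter.\n" % fname,
                disposition="attachment", filename="removed-attachment.txt")
    return msg.as_bytes(), removed

def build_sample():
    """Constructed test mail: one PE stub named like a PDF, one real PDF stub."""
    m = EmailMessage()
    m["Subject"] = "Application"
    m.set_content("Please find my application attached.")
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                     subtype="pdf", filename="cv.pdf")
    m.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application",
                     subtype="pdf", filename="notes.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, removed = neutralize(build_sample())
    print("replaced:", removed)
```

Checking the first two bytes rather than trusting the declared type or file name is what catches the disguised attachment; the genuine PDF passes through unchanged.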
Nevertheless, the question remains why the people behind it distributed the wiper Trojan only on an obviously very limited scale. That way they could probably make little money and do little damage. Whether this was intentional or whether something went wrong in the distribution of the mails remains unclear.

(FAB)

        
