GermanWiper malware has targeted German companies. Cybercriminals send an e-mail to the specific company that should not arouse any suspicion, as it is a job application from a “candidate”. An employee that opens a .pdf file attached to the message with the alleged resume downloads an executable file with ransomware.

According to the Niebezpiecznik portal that cites an article published by BleepingComputer, GermanWiper scans the system for files to be destroyed. In addition, ransomware skips specific folders and files necessary for OS functions. The virus overwrites data with random strings of ones and zeros, without using an encryption key. The final step is to create a ransom note for unlocking files. People who decide to pay USD 1,500 lose both the data and the money.

In this case, the only thing that could save the company is an up-to-date data backup, because system updates and anti-virus programs are not always effective in defending against cyber attack.