Hitler Ransomware Deletes Files (Video)
Posted by: Timothy Weaver on 08/10/2016 09:38 AM
AVG security researcher Jakub Kroustek has discovered a new form of ransomware named Hitler Ransomware.
BleepingComputer took a look at the malware and found that once the binary file is double-clicked, it drops three files on the victim's computer. The first file is firefox32.exe, which ensures that the malware runs on every startup. The second file is ErOne.vbs, which gives an error message when clicked on. The third file, which is the actual malware, is called Chrst.exe. That file is responsible for displaying the ransom note on the user's screen, starting the encryption process and giving a one-hour countdown timer.
At the end of the hour, the system will crash with a BSOD. Once restarted, the victim will find that the ransomware has deleted all the files in the User Profile folder.
BleepingComputer's malware analyst Lawrence Abrams has looked at the source code and discovered that the malware was created by a German hacker. It asks for a €25 Vodafone telephony card.
"This ransomware appears to be a test variant," Abrams writes. "I hope this is not the actual code that this ransomware developer plans on using if it goes live."
The video below shows the workings of the ransomware:
Source: SoftPedia