Following the rising circulation of Hitler-ransomware as reported by Bleeping Computer, Thomas Pore, Director of IT at cyber security firm Plixer, commented below the reason this variant does not actually encrypt files, why he thinks we’ll see a mature version of this soon and what users can do to avoid being hit.

Thomas Pore, Director of IT at  Plixer:

Thomas Pore“Ransomware, or ‘Ransonware’ in this case, is not going away any time soon. Why? Because it’s very successful. Users love to click on URLs and open attachments. A German string found in the malware “echo Das ist ein Test”, translates to “This is a test”. With other indicators of an early product, the lock screen showing the misspelling “Ransonware” suggests that we will likely see a more mature version popping up shortly.

“It’s interesting that this variant does not actually encrypt the files, possibly for detection avoidance. However the approach to delete all of the files upon reboot after initiating an OS crash leaves users few alternatives. This is why users will likely continue to pay the ransom. The FBI is taking a firm stance on not paying ransoms, however each case is different.

“A routine off-site or off-network backup is the only sure-fire way to recover from ransomware. User training to identify phishing attacks is also paramount. Users just love clicking on URLs in email. Implementing software white-list or restriction policy could potentially stop the malware from running as well.”