Blog

Ranstop blocks Eva Richter (Ordinypt) ransomware

Ransomware test subject – Eva Richter (Ordinypt)

German speakers were recently hit by a series of malware campaigns, distributing fake ransomware. We call it fake because even though it destroys user files, the victim cannot recover its files, even if the ransom is paid.

The campaign starts with an email, received from somebody named ‘Eva Richter’, a woman looking for a job, sending her resume and a picture as attachments. The resume is zipped, and it contains, apparently, a pdf file. But we know appearances can be deceiving, in fact, they surely are in this particular case, as the attached document is actually an executable, the ransomware itself.

Ordinypt ransomware – test findings

Even it is distributed as Eva Richter, the real name of the ransomware is Ordinypt, and what Ordinypt does, is that it destroys files without the possibility to recover them. It’s basically a file shredder masked as a ransomware. It even behaves as such in every way. Once executed, it will first terminate a list of running programs. Then, it will, apparently, encrypt files and append an extension to them (in our case, “NLraY”), drop ransom notes, and finally ask for $1500 worth of Bitcoin to recover the files. A little “buggy”, as it failed to delete some of our test files. At the end of encryption, without attempting to bypass User Account Control, the malware will execute a series of commands to delete shadow volume copies of files and to disable OS recovery features.

The ransom note contains instructions on how to recover the files and make a payment. However, because of its destructive nature, no decryption key can ever recover the files, so paying is absolutely useless. The only thing a victim can do is to prevent such attacks from ever happening again in the future by installing specialized security software.

Ordinypt ransomware vs Ranstop – test results

TEMASOFT Ranstop detects this version of Ordinypt ransomware soon after it starts encrypting files. Upon detection, alerts are triggered, and the malware process is stopped and quarantined. The corrupt files are automatically recovered so that the user doesn’t lose any critical document.


Click here to watch TEMASOFT Ranstop blocking Ordinypt ransomware (video)!

Learn how to protect against ransomware!

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

For more information, follow us on social media and subscribe to our newsletter.


 
 

This post was last modified on August 21, 2023 7:26 am

FM Team

Share
Published by
FM Team

Recent Posts

The Role of File Monitoring Solutions in Maintaining File Integrity

In the digital world, information is often stored and transferred through files. From the most…

May 12, 2023

Guide to Conducting an Efficient File Access Permissions Audit for Admins and Technology Managers

Introduction Data security is more important than ever in today's fast-paced digital world. One critical…

April 9, 2023

File Integrity Monitoring: What It Is and Why It Matters

Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…

March 5, 2023

Monitoring Essential Microsoft IIS Server Configuration Files for Enhanced Security

Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…

February 25, 2023

Tracking file changes helps admins solve server configuration problems

File tracking is an important aspect of server administration, and it can help administrators detect…

February 1, 2023

Three reasons why admins should use file monitoring solutions

File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…

January 6, 2023