Threat Management, Malware, Phishing, Ransomware

Fake résumé emails attempt to spread Ordinypt Wiper to German recipients

Attention German HR departments: You may want to cross off a certain "Eva Richter" from your list of employment candidates. Especially because her so-called résumé actually infects recipients with the destructive Ordinypt Wiper malware, according to a new report.

The fake résumé phishing campaign began on Sept. 11 and is specifically aimed at German-speaking employers, Bleeping Computer reported this past weekend. The campaign sends an email that appears to be a job application, replete with photo and résumé of one Eva Richter. But in reality, the photo is a random stock photo and the résumé is a PDF file that delivers Ordinypt.

Historically, Ordinypt targets Germans acts very much like a typical ransomware program. It maliciously encrypts victims' files and demands a payment via a Tor site to restore the files. However, in this instance, even if the victim pays up, the files remain useless because they are overwritten with random characters.

Ordinypt also deletes shadow volume copies and disables the Windows 10 recovery environment in an attempt to further frustrate the victim. However, in some instances of infection, the shadow volume copies survive, BleepingComputer notes.

"Dear Sirs and Madames, I hereby apply for the position offered by you at the Employment Agency," the fake email reads. "The field of activity you describe corresponds especially to my career prospects. My application documents are attached. I would be very happy about an invitation to a personal job interview. Yours sincerely, Eva Richter."

So, if you're looking for a job in Germany and your name coincidentally just happens to be Eva Richter, well, perhaps consider a name change until this latest phishing campaign blows over.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.