Image displayed on infected devices
|Point of origin||Germany|
Hitler-Ransomware, or Hitler-Ransonware (sic), is a form of ransomware created in 2016 originating in Germany. It requests payment within one hour; otherwise, it will delete files from the infected computer.
Hitler-Ransomware was first developed in 2016. The ransomware activates with a lock screen with an image of Adolf Hitler giving a Nazi salute. The message on it states "This is the Hitler-Ransonware. (sic) Your files was encrypted! Do you decrypt your files?". It then demands payment in the form of a €25 Vodafone mobile phone gift card and gives the owner of the computer one hour to pay with a countdown timer accompanying. Failing to pay the ransom when the one hour countdown timer reaches zero results in the system crashing with a blue screen of death and when the computer reboots, all of the files in the computer's user profile folders have been deleted. Contrary to what it claims, the ransomware does not encrypt the computer files; instead, it runs a script to mislead people into thinking their files have been encrypted.
The virus was discovered by the AVG Technologies analyst Jakub Kroustek. Upon further investigation of it, he determined that it likely originated in Germany as a prototype given that the batch file associated with it had the words "Das ist ein Test" (German: This is a Test) in it. It is noted that while the Hitler ransomware's demand for payment in gift cards instead of Bitcoin was uncommon, it was not unique to this ransomware. Spelling mistakes made in the demands have led technology journalists to joke that it could upset Grammar Nazis.
An updated version of Hitler-Ransomware disguised as "CainXPii" called “Hitler 2" was later released. This version was similar to the original except that it corrected the spelling of "ransomware" and removed the countdown timer. In January 2017, an updated version known as "The FINAL version" of Hitler-Ransomware was released.
- Britec Computers. Hitler 2 Ransomware prevents the use of Windows. YouTube. Retrieved 2018-02-14.
- "Hitler ransomware demands victims pay €25 in Vodafone Card and deletes files instead of encrypting". International Business Times. 2016-08-10. Retrieved 2018-02-14.
- "This Week in Crude Attempts at Malware: 'Hitler-Ransomware'". Vice. 2016-08-09. Retrieved 2018-02-14.
- "Development version of the Hitler-Ransomware Discovered". Bleepingcomputer.com. 2016-08-08. Retrieved 2018-02-14.
- "Hitler 'ransomware' offers to sell you back access to your files – but just deletes them". The Register. Retrieved 2018-02-14.
- Storm, Darlene (2016-08-10). "Thugs developing cat-themed ransomware for Androids and Hitler ransomware for PCs". Computerworld. Retrieved 2018-02-14.
- "January 2017: The Month in Ransomware". Tripwire. 2017-02-08. Retrieved 2018-02-14.