This story is over 5 years old.


This Week in Crude Attempts at Malware: 'Hitler-Ransomware'

It doesn’t even encrypt your files, just deletes them.
A screenshot of the "Hitler malware." Image: Cyber Security GrujaRS/YouTube

Some pieces of ransomware are devilishly clever. Some are highly profitable. And some are just straight-up crude.

One new and particularly eyebrow-raising example is "Hitler-Ransomware," which, as you might expect, displays a giant picture of Hitler on your screen. First discovered by AVG analyst Jakub Kroustek, and reported by Bleeping Computer, Hitler-Ransomware is still in development, and is far from a polished product.


For a start, it doesn't even encrypt your files, despite claiming to. Instead, it removes the extension for files in certain directories, and shows an ominous one-hour countdown.The malware asks the victim for payment, but rather than demand a lump of Bitcoin, as is traditional for ransomware, it tells the target to purchase a "Vodafone Card" (likely a credit top-up card) for €25 and type in its code. (Other criminal scammers sometimes get victims to purchase gift cards for companies, such as Apple or Amazon).

Once the countdown is complete, the program forces Windows to crash, or land on a blue screen of death. After the computer is rebooted, Hitler-Ransomware then deletes all of the user's files.

As Bleeping Computer points out, the developer of Hitler-Ransomware appears to be German, based on a block of German-language text found alongside the malware.

"This is a test," a translated version of the text reads, and adds that the file is "by CoolNass," possibly alluding to the ransomware's author.

"I am a Pro," the text audaciously claims.