Hitler-Ransomware
{{Short description|Form of ransomware}}
{{Infobox computer virus
| fullname = Hitler-Ransomware
| image =
| caption =
| common_name =
| technical_name =
| aliases = Hitler-Ransonware
| family =
| classification = Ransomware
| type =
| subtype =
| isolation_date =
| origin = Germany
| infection_vector =
| author =
| ports_used =
| OS =
| filesize =
| language =
}}
Hitler-Ransomware, or Hitler-Ransonware{{sic}}, is a form of ransomware created in 2016 originating in Germany. It requests payment within one hour; otherwise, it will delete files from the infected computer.
History
Hitler-Ransomware was first developed in 2016. The ransomware activates by displaying a lock screen with an image of Adolf Hitler giving a Nazi salute. The message on it states "This is the Hitler-Ransonware{{sic}}. Your files was encrypted! Do you decrypt your files?". It then demands payment in the form of a €25 Vodafone mobile phone gift card and gives the owner of the computer one hour to pay, shown on an accompanying countdown timer.{{cite web|url=http://www.ibtimes.co.uk/hitler-ransomware-still-development-mode-deletes-files-demands-victims-pay-via-phone-top-card-1575265 |title=Hitler ransomware demands victims pay €25 in Vodafone Card and deletes files instead of encrypting |work=International Business Times |date=2016-08-10 |access-date=2018-02-14}} If the ransom has not been paid when the one-hour countdown timer reaches zero, the system crashes with a blue screen of death, and when the computer reboots, all of the files in the computer's user profile folders have been deleted.{{cite web|url=https://www.vice.com/en/article/this-week-in-crude-attempts-at-malware-hitler-ransomware/ |title=This Week in Crude Attempts at Malware: 'Hitler-Ransomware' |publisher=Vice |date=2016-08-09 |access-date=2018-02-14}} Contrary to what it claims, the ransomware does not encrypt the computer's files; instead, it runs a script that disassociates all file types to mislead people into thinking their files have been encrypted.{{cite web |url=https://www.bleepingcomputer.com/news/security/development-version-of-the-hitler-ransomware-discovered/ |title=Development version of the Hitler-Ransomware Discovered |publisher=Bleepingcomputer.com |date=2016-08-08 |access-date=2018-02-14}}
The virus was discovered by the AVG Technologies analyst Jakub Kroustek. Upon further investigation, he determined that it likely originated in Germany as a prototype, given that the batch file associated with it contained the words "Das ist ein Test" (German for "This is a test").{{cite web|url=https://www.theregister.co.uk/2016/08/10/hitler_ransomware/ |title=Hitler 'ransomware' offers to sell you back access to your files – but just deletes them |publisher=The Register |access-date=2018-02-14}} It is noted that while the Hitler ransomware's demand for payment in gift cards instead of Bitcoin was common, it was not unique to this ransomware. {{anchor|nazis}} A typo on its lock screen, "Hitler-Ransonware," led technology journalist Darlene Storm to joke that it could upset Grammar Nazis.{{cite web |last=Storm |first=Darlene |date=2016-08-10 |title=Thugs developing cat-themed ransomware for Androids and Hitler ransomware for PCs |url=https://www.computerworld.com/article/3106056/security/thugs-developing-cat-themed-ransomware-for-androids-and-hitler-ransomware-for-pcs.html |url-status=dead |archive-url=https://web.archive.org/web/20160811234213/https://www.computerworld.com/article/3106056/security/thugs-developing-cat-themed-ransomware-for-androids-and-hitler-ransomware-for-pcs.html |archive-date=2016-08-11 |access-date=2018-02-14 |publisher=Computerworld}}
An updated version of Hitler-Ransomware, called "Hitler 2" and disguised as "CainXPii", was later released. This version was similar to the original except that it corrected the spelling of "ransomware" and removed the countdown timer.{{cite AV media |url=https://www.youtube.com/watch?v=7aAF3L6vqOc&t=232s |title=Hitler 2 Ransomware prevents the use of Windows |publisher=YouTube |people=Britec Computers |access-date=2018-02-14}} In January 2017, an updated version known as "The FINAL version" of Hitler-Ransomware was released.{{cite web|url=https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/january-2017-month-ransomware/ |title=January 2017: The Month in Ransomware |publisher=Tripwire |date=2017-02-08 |access-date=2018-02-14}}
References
{{Reflist|30em}}
{{Hacking in the 2010s}}