Security Affairs
CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code|Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code|Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hitler ransomware just deletes files instead encrypt them

Security experts detected and analyzed a new threat, the Hitler ransomware, that doesn’t encrypt files but simply deletes them. Ransomware is one of the most dreaded threats for Internet users and a profitable business for crooks. In the last months, we have seen a number of malware belonging to this category, one of the most recent is […]

Hitler ransomware just deletes files instead encrypt them

Security experts detected and analyzed a new threat, the Hitler ransomware, that doesn’t encrypt files but simply deletes them.

Ransomware is one of the most dreaded threats for Internet users and a profitable business for crooks. In the last months, we have seen a number of malware belonging to this category, one of the most recent is a Hitler-themed ransomware that doesn’t encrypt files, but simply deletes them.

Hitler ransomware

In reality, the threat appears to be a work in progress project developed by coders without specific skills.

The Windows ransomware displays a lock screen featuring Hitler, together with a message that warns users that files have been encrypted.

The ransomware requests the payment of only 25 euros, in the form of a Vodafone cash card. It is unusual for such kind of crimes.

The lock screen features a misspelling “Ransonware.”

The website Bleeping Computer published a detailed analysis of the Hitler ransomware that was first spotted by the malware analyst Jakub Kroustek from AVG.

“This ransomware appears to be a test variant based on the comments in the embedded batch file and because it does not encrypt any files at all. Instead this malware will remove the extension for all of the files under various directories, display a lock screen, and then show a one hour countdown as shown in the lock screen below.” reads the post published by Bleeping Computer “After that hour it will crash the victim’s computer, and on reboot, delete all of the files under the %UserProfile% of the victim. I hope this is not the actual code that this ransomware developer plans on using if it goes live.”

The experts have found the string “Das ist ein Test” (“This is a test”) in an embedded batch file, a circumstance that suggests the developer are German based.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Hitler ransomware, malware)