Name | Hitler |
Type | Locker Ransomware |
Short Description | The Hitler Ransomware is a ransomware Trojan that is being utilized as a part of attacks associated with PC clients situated in Europe especially. When it is infected you will ask to enter a cash code of 25 Euro Vodafone Card as payment to get back the files within one hour. |
Symptoms | The Hitler Ransomware is not assigned to encrypt the victim’s files and removes the extensions on all files in certain directories. It displays a lock screen and then begins a one-hour countdown. After the end of the stipulated time, the infected computer crashes, reboots, and all files of the infected system under %UserProfile% (C:\Users\{User’s Profile})will be deleted. |
Distribution Method | This ransomware uses various techniques for its distribution such as spam emails with fake PDF or Microsoft word attachments that will not open when it is launched. |
Image | ![]() |
More Details |
This ransomware silently drops two files called chrst.exe and firefox32.exe to %TEMP%\[random name].tmp. The end user given only one hour to pay the ransom before the files are deleted. The following files being dropped if users are infected by hitler ransomware: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\firefox32.exe After this infection phase, ransomware will immediately locks the screen of the affected user.When the ransomware is affected, it removes all extensions for files located in the following directories: %userprofile%\Pictures After one-hour duration of allocated time, it suspends the csrss.exe process which causes Blue Screen Of Death. Then it will display message on the screen, ![]() Then a firefox32.bat module is loaded from the ransomware which has a script executes as follows @echo off This script will delete all the files of infected users. |