Hitler-Ransomware

Hitler-Ransomware, or Hitler-Ransonware ^[sic], is a form of ransomware created in 2016 originating in Germany. It requests payment within one hour; otherwise, it will delete files from the infected computer.

Hitler-Ransomware was first developed in 2016. The ransomware activates with a lock screen with an image of Adolf Hitler giving a Nazi salute. The message on it states "This is the Hitler-Ransonware ^[sic]. Your files was encrypted! Do you decrypt your files?". It then demands payment in the form of a €25 Vodafone mobile phone gift card and gives the owner of the computer one hour to pay with a countdown timer accompanying.^[2] Failing to pay the ransom when the one hour countdown timer reaches zero results in the system crashing with a blue screen of death and when the computer reboots, all of the files in the computer's user profile folders have been deleted.^[3] Contrary to what it claims, the ransomware does not encrypt the computer files; instead, it runs a script that disassociates all file types to mislead people into thinking their files have been encrypted.^[4]

The virus was discovered by the AVG Technologies analyst Jakub Kroustek. Upon further investigation of it, he determined that it likely originated in Germany as a prototype given that the batch file associated with it had the words "Das ist ein Test" (German: This is a Test) in it.^[5] It is noted that while the Hitler ransomware's demand for payment in gift cards instead of Bitcoin was common, it was not unique to this ransomware.^[6] A typo on its lock screen, "Hitler-Ransonware," led technology journalist Darlene Storm to joke that it could upset Grammar Nazis.^[6]

An updated version of Hitler-Ransomware disguised as "CainXPii" called "Hitler 2" was later released. This version was similar to the original except that it corrected the spelling of "ransomware" and removed the countdown timer.^[1] In January 2017, an updated version known as "The FINAL version" of Hitler-Ransomware was released.^[7]