Hitler-Ransomware

Hitler-Ransomware, or Hitler-Ransonware[sic], is a form of ransomware created in 2016 originating in Germany. It requests payment within one hour; otherwise, it will delete files from the infected computer.

History
Hitler-Ransomware was first developed in 2016. The ransomware activates with a lock screen with an image of Adolf Hitler giving a Nazi salute. The message on it states "This is the Hitler-Ransonware[sic]. Your files was encrypted! Do you decrypt your files?". It then demands payment in the form of a €25 Vodafone mobile phone gift card and gives the owner of the computer one hour to pay with a countdown timer accompanying. Failing to pay the ransom when the one hour countdown timer reaches zero results in the system crashing with a blue screen of death and when the computer reboots, all of the files in the computer's user profile folders have been deleted. Contrary to what it claims, the ransomware does not encrypt the computer files; instead, it runs a script that disassociates all file types to mislead people into thinking their files have been encrypted.

The virus was discovered by the AVG Technologies analyst Jakub Kroustek. Upon further investigation of it, he determined that it likely originated in Germany as a prototype given that the batch file associated with it had the words "Das ist ein Test" (German: This is a Test) in it. It is noted that while the Hitler ransomware's demand for payment in gift cards instead of Bitcoin was common, it was not unique to this ransomware. A typo on its lock screen, "Hitler-Ransonware," led technology journalist Darlene Storm to joke that it could upset Grammar Nazis.

An updated version of Hitler-Ransomware disguised as "CainXPii" called "Hitler 2" was later released. This version was similar to the original except that it corrected the spelling of "ransomware" and removed the countdown timer. In January 2017, an updated version known as "The FINAL version" of Hitler-Ransomware was released.