Massive GoldenEye ransomware attack affects users worldwide
June 29, 2017
GoldenEye is the latest ransomware campaign that is unfolding worldwide as we speak. Bitdefender has preliminary information showing that the malware sample responsible for the infection is an almost identical clone of the GoldenEye ransomware family.At the time of writing this there is no information about propagation vector but we presume it to be carried by a wormable component.
Unlike most ramsonware, the new GoldenEye variant has two layers of encryption: one that individually encrypts target files on the computer and another one that encrypts NTFS structures. This approach prevents victims computers from being booted up in a live OS environment and retreiving stored information or samples.
Just like Petya, GoldenEye encrypts the the entire hard disk drive and denies the user access to the computer. However, unlike Petya, there is no workaround to help victims retrieve the decryption keys from the computer.
Additionally, after the encryption process is complete, the ransomware has a specialized routine that forcefully crashes the computer to trigger a reboot that renders the computer unusable until the $300 ransom is paid. The attack started today in Ukraine, Russia and Romania and we already see payments being made by infected users. Companies and government institutions are among the affected entities.
Bitdefender blocks the currently known samples of the new GoldenEye variant. If you are running a Bitdefender security solution for consumer or business, your computers are not in danger.