It's Not a Matter of If, It's a Matter of When

Massive GoldenEye Ransomware Campaign Slams Worldwide Users

Several critical infrastructure institutions in Ukraine had to be taken offline last month as the massive Petya ransomware campaign was unfolding worldwide. Preliminary information shows that the malware sample responsible for the infection is an almost identical clone of the GoldenEye ransomware family. At the time of writing, the propagation vector is not known, but we presume the malware is carried by a worm-enabled component.

Unlike most ransomware, the new GoldenEye variant has two layers of encryption: one that individually encrypts target files on the computer and another that encrypts NTFS structures. This approach prevents victims' computers from being booted into a live OS environment to retrieve stored information or samples.

Additionally, after the encryption process is complete, the ransomware has a specialized routine that forcibly crashes the computer to trigger a reboot, which renders the computer unusable until the $300 ransom is paid.

All Covered's Security Solutions blocked the currently known samples of the new GoldenEye variant, and if you have an ongoing monthly maintenance contract with us, your computers were not in danger.

We have also received some reports of it infecting computers in the United States as it continues to spread across Europe. This malware attacks the PC's ability to boot up, leaving it unusable. As with other ransomware, once the computer is infected you are not able to log in to your machine until a ransom is paid.

Here is a sample of the ransom note:

[Screenshot of the ransom note]
How can you protect yourself from this?
The recommended steps for prevention are:

  • Keep systems (PCs and Macs) up to date: install the latest updates as soon as they are made available, or enable automatic updates.

  • Be careful when clicking on links. If you do not know the sender or are suspicious of the links or attachments in the email, stop! Do not click! Delete the email immediately.

  • Ensure anti-virus is running and up to date.

  • Only download software from trusted sources.

Do you want to do more for your employees? Get Security Awareness training through All Covered.