December 12, 2016
GoldenEye Ransomware Takes Aim At HR
According to the website, Heise.de, emails are arriving with an innocuous sender name, such as ‘rolf.drescher’ or ‘drescher1988’. The email, titled ‘Bewerbung’ (‘application’), includes a polite cover letter, résumé and an excel file.
After the file is downloaded, a macro is launched which encrypts files on the computer. For each file it encrypts, GoldenEye adds a random 8-character extension at the end. The ransomware then also modifies the user's hard drive MBR (Master Boot Record) with a custom boot loader. According to Bleeping Computer, GoldenEye is almost identical to the previous strains of ransomware, Petya and Mischa.
GoldenEye is demanding a ransom of 1.3 bitcoins (roughly $1,000), and there is currently no encryption key available. As a result, German authorities are urging companies to take the following measures:
Inform all HR staff of the scam
Update Anti-Virus software (although recognition isn’t ideal)
Backup, don’t Pay Up
It is currently unclear how many people have been infected with GoldenEye, but as the new strain of ransomware evolves, the threat may spread to more regions.