GoldenEye Ransomware Takes Aim At HR

December 12, 2016

GoldenEye Ransomware Takes Aim At HR

By Chris Brunau

From the creators of Petya, a new strain of ransomware has entered the game. GoldenEye ransomware is being distributed by spam emails targeting German-speaking users.

According to the website,, emails are arriving with an innocuous sender name, such as ‘rolf.drescher’ or ‘drescher1988’. The email, titled ‘Bewerbung’ (‘application’), includes a polite cover letter, résumé and an excel file.

After the file is downloaded, a macro is launched which encrypts files on the computer. For each file it encrypts, GoldenEye adds a random 8-character extension at the end. The ransomware then also modifies the user's hard drive MBR (Master Boot Record) with a custom boot loader. According to Bleeping Computer, GoldenEye is almost identical to the previous strains of ransomware, Petya and Mischa.

GoldenEye is demanding a ransom of 1.3 bitcoins (roughly $1,000), and there is currently no encryption key available. As a result, German authorities are urging companies to take the following measures:

It is currently unclear how many people have been infected with GoldenEye, but as the new strain of ransomware evolves, the threat may spread to more regions.

Relevant Articles

Subscribe to the Blog