GoldenEye Ransomware Takes Aim At HR

Dec 12, 2016

By Chris Brunau


From the creators of Petya, a new strain of ransomware has entered the game. Hackers are distributing GoldenEye ransomware through spam emails targeting German-speaking users.

According to Heise, emails are arriving with an innocuous sender name, such as ‘rolf.drescher’ or ‘drescher1988’. The email, titled ‘Bewerbung’ (‘application’), includes a polite cover letter, a résumé and an Excel file.

After the file is downloaded, a macro is launched which encrypts files on the computer. GoldenEye appends a random 8-character extension to each file it encrypts. The ransomware then also modifies the Master Boot Record (MBR) of the user's hard drive with a custom boot loader. According to Bleeping Computer, GoldenEye is almost identical to the previous strains of ransomware, Petya and Mischa.
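As a defender's view of the appended-extension behavior described above, the following Python example (added here, not code from the original post) flags directories in which several files carry a known document extension followed by an extra 8-character extension. The alphanumeric character set, the watched extension list, the `min_hits` threshold and the sample paths are assumptions constructed for the example.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumption: the appended extension is 8 alphanumeric characters; the article
# only says "random 8-character extension".
APPENDED = re.compile(r"^[A-Za-z0-9]{8}$")
# Assumption: document extensions worth watching (illustrative, not exhaustive).
KNOWN_DOC_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "jpg", "png", "txt", "pptx"}


def suspicious(path):
    """True if the file name looks like <name>.<known ext>.<8 extra chars>."""
    suffixes = [s.lstrip(".") for s in PureWindowsPath(path).suffixes]
    if len(suffixes) < 2:
        return False
    original, appended = suffixes[-2].lower(), suffixes[-1]
    return original in KNOWN_DOC_EXTS and APPENDED.match(appended) is not None


def flag_directories(paths, min_hits=3):
    """Return {directory: hit count} for directories with at least min_hits
    suspicious names. One odd file (for example a manual backup copy) stays
    below the threshold; a burst of renamed documents does not."""
    hits = Counter(str(PureWindowsPath(p).parent) for p in paths if suspicious(p))
    return {d: n for d, n in hits.items() if n >= min_hits}


# Constructed sample listing, e.g. collected from a file server inventory.
SAMPLE = [
    r"C:\Users\hr\Documents\cv_mueller.pdf.x7Kq2LpA",
    r"C:\Users\hr\Documents\payroll.xlsx.m3Zt9RwB",
    r"C:\Users\hr\Documents\contract.docx.Hq4nV8sD",
    r"C:\Users\hr\Documents\notes.txt",
    r"C:\Users\hr\Archive\budget.xlsx.backup01",  # benign look-alike
    r"C:\Users\hr\Archive\old.tar.gz",
]

if __name__ == "__main__":
    for directory, count in flag_directories(SAMPLE).items():
        print(f"ALERT {directory}: {count} files with an appended 8-character extension")
```

A name-based check like this is a triage signal only; it should feed an alert that is confirmed against other evidence before any response action.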

GoldenEye is demanding a ransom of 1.3 bitcoins (roughly $1,000), and there is currently no encryption key available. As a result, German authorities are urging companies to take the following measures:

It is currently unclear how many people have been infected with GoldenEye, but as the new strain of ransomware evolves, the threat may spread to more regions.
