Computer systems around the world have been hit with a new ransomwaremalwarecalledGoldeneye, a variant of Petyaransomware. Its targets are governments and businesses; infecting computers and files to lock out users and demanding $300 in Bitcoin to regain access.
Upon infecting a system the malware forces the targeted computer to restart so the victim can see the ransom note without any further delay.
The malware was discovered by security researchers at Bitdefender who are also keeping an eye on the ongoing attack and according to researcher BogdanBotezatu “Just like Petya, it is particularly dangerous because it doesn’t only encrypt files, it also encrypts the hard drive as well.”
Bitdefender and Symantec, both cyber security giants, have confirmed that Goldeneye leverages EternalBlue exploit to spread from one computer to another. The EternalBlue exploit was also used during WannaCryransomware attack in which more than 200,000 computers were infected worldwide.
Another thing common between WannaCry and GoldenEye/Petya is that both malware only target Windows operating systems.
According to DailyMail, the first target of GoldenEyeransomware was Ukraine when its power grid, national bank, supermarkets, airport and telecom firms reported that their IT systems have been affected. An ATM in Kiev shows full preview of the GoldenEye ransom note (Image Credit: Twitter)Supermarket in Kiev infected with GoldenEyeransomware (Image Credit: Twitter)A Tweet from Ukrainian Deputy Prime Minister RozenkoPavlo shows a picture of a computer system revealing that computer systems of government have been infected. “Less than three hours ago, Cyren detected a variant of the Petyaransomware. Cyren researchers identified affected users in numerous countries, including India, UK, and many others. The company anticipates this will become a widespread threat with victims emerging in all corners of the globe.”“The rate at which these ransomware attacks are being developed, and subsequently spreading, is worrisome, but unfortunately not surprising. While there is a lot of speculation of who is behind this attack, what is most concerning is the type of institutions that are being impacted, including financial systems, airports and energy companies. When these networks are hit, the stakes are much higher, moving well beyond a nuisance. It isn’t an exaggeration to say that these attacks could have life and death consequences. As ransomware attacks continue to dominate the headlines, my hope is that companies begin to take a step back and make cybersecurity their top priority. Even simple measures like increased training, more communication around cyber security best practices, implementing data-centric security policies and ensuring updates are made can make all the difference.”
At of now, it is unclear who is behind the attack. However, we are keeping eye on the attack and this article will be updated soon. Stay tuned.
