A major cyber attack is causing huge disruption to companies and governments across the globe. It has been just over a month since the WannaCry malware affected thousands of devices around the world, and now a new threat, a virus named the GoldenEye ransomware, has come to light. The malware was originally identified as Petya, which first started circulating in 2016. The current attack appears to be a Petya offshoot with many added refinements, such as stronger encryption.
Though the actual impact of the malware across the globe is yet to be measured, Bitdefender Labs has said that it has had its biggest impact on companies in Ukraine. According to Bitdefender Labs, Chernobyl’s radiation monitoring system, law firm DLA Piper, pharma company Merck, a number of banks, an airport, the Kiev metro, Danish shipping and energy company Maersk, British advertiser WPP and Russian oil firm Rosneft have been the targets so far. Many other companies in the US, Germany, Norway, Russia, Denmark and France are among those to have confirmed issues so far. Judging by this pattern of spread, GoldenEye seems to be specifically targeting European countries. However, reports that the ransomware is set to make inroads into India and attack there are also circulating. Bogdan Botezatu, a Bitdefender Labs researcher, said on Wednesday that the GoldenEye/Petya operators had already received 13 payments in almost two hours, worth $3.5K USD ($3,500) in digital currency.
As we said earlier, it has not been long since we escaped the WannaCry attacks. More than 200,000 victims in 150 countries were infected by that software, leaving them unable to access their files. The malware had originated in the UK and Spain last month, before spreading globally. But the threat now seems even more serious than last time. Cyber security experts have warned that this time the virus is much more dangerous, as it has no ‘kill switch’ and is designed to spread rapidly through networks without any human intervention. To add to the fright, as sources from MailOnline have reported, Marcus Hutchins, who prevented the previous WannaCry attack by discovering a way to stop it from infecting new computers, said that even if users pay the fee their files could now be lost forever. He further went on to add that the company that hosts the email account which the ransomware asks you to contact closes the account, and thus there won’t be any way to get the files back. However, he also adds that, as it’s still early days, no one has been able to find a fix yet, but researchers are now working together to make the malware decryptable.
One of the greatest concerns following the discovery of this ransomware is that GoldenEye relies on the same EternalBlue exploit as WannaCry. EternalBlue affects every version of Windows between Windows XP and Windows 10 that has not installed the latest security updates released by Microsoft.
Ransomware is malware that holds data to ransom, scrambling it until a payment is made, usually requesting the virtual currency Bitcoin because it cannot be traced to a user.
GoldenEye is not just another ransomware; it is more thorough than the others. Researchers from Bitdefender Labs have said that in addition to encrypting individual files and holding them for ransom, GoldenEye also encrypts NTFS (New Technology File System) structures and has a specialized routine that forcefully crashes the computer to trigger a reboot. And, for now, there’s no way to work around it: if your device is affected by GoldenEye, you’ll either have to cough up the $300 ransom or bid farewell to that particular computer.
So, for now, let us see some ways to avoid ransomware attacks. Here’s a list of prevention measures compiled by
1. Use reputable antivirus software and a firewall
2. Back up your computer often
3. Set up a popup blocker
4. Be cautious about clicking links inside emails or on suspicious websites
5. If you do receive a ransom note, disconnect from the Internet
6. Alert authorities