There’s a new ransomware in town, and it just may be worse than the WannaCry virus that locked down more than 200,000 computers last month.
Enter GoldenEye, a variation of the Petya ransomware that is spreading across the globe after first hitting 12,500 computer systems in Ukraine, including the country’s electrical grid, government offices and an airport. From there, the virus spread to Russia, where it hit Rosneft, an oil production company owned by the Russian government. Danish business conglomerate the AP Moller Maersk Group was hit next, followed by New Jersey pharmaceutical corporation Merck.
GoldenEye starts by infecting a single machine. Once a machine is infected, the virus will spread to the computer’s entire network if the system is not shut down in time. The biggest problem is that this ransomware is virtually undetectable until it is too late. According to a CNBC report, many anti-virus programs do not recognize it as a virus and are unable to stop it.
The ransomware locks the computer’s master boot record, removing the computer’s ability to use its operating system to find files. It then attacks that computer’s network using the same vulnerability in Microsoft Windows that WannaCry capitalized on in May. The flaw was uncovered by and then stolen from the National Security Agency (NSA) earlier this year.
“The new ransomware has worm capabilities, which allows it to move laterally across infected networks. Based on our investigation, this new ransomware shares similar codes and is a new variant of Ransom:Win32/Petya. This new strain of ransomware, however, is more sophisticated,” Microsoft said in a security update.
“To protect our customers, we released cloud-delivered protection updates and made updates to our signature definition packages shortly after. These updates were automatically delivered to all Microsoft free antimalware products, including Windows Defender Antivirus and Microsoft Security Essentials. You can download the latest version of these files manually at the Malware Protection Center.”
Although only large companies and agencies have been attacked thus far, that does not mean individuals or small businesses are safe. To keep your machine as safe as possible, ensure you are using the latest version of Windows, which has been updated to patch the flaw. It is also a good idea to update any anti-virus programs you use to scan your machine, as well as to back up your files. This ensures you will never lose your data, even if your machine is infected.
If GoldenEye did infect your system, you would receive a ransom demand of $300 in bitcoin to unlock your machine. Microsoft and other security experts have advised people not to pay the ransom because there is no way to contact or communicate with the culprits responsible.
To learn more about GoldenEye and how it works, check out Microsoft’s in-depth blog post here.