Ransomware is still one of the biggest threats facing Internet users, and an extremely aggressive version of this type of nasty malware has been let loose in the wild.
It borrows its name from both a Bond movie and a duck. It’s GoldenEye.
In reality it is a modified version of Petya, a ransomware family that first spread earlier in 2016, bundled with the file-encrypting companion (Mischa) that Petya's authors released alongside it. Unlike most ransomware, however, GoldenEye is particularly destructive because it encrypts your computer twice!
At this point, if you don’t know what ransomware is yet (you should), read this article. It’s essentially malware that encrypts all your personal files with strong encryption and then tries to extort you into paying for the key needed to decrypt them. It’s very nasty: unless you have those files backed up, you can’t realistically get them back without paying up, because properly implemented modern encryption cannot be brute-forced. The only other way out is a mistake in the malware’s own cryptography, and while earlier Petya versions had exactly such a flaw (which let researchers build a free decryptor), GoldenEye fixed it.
It is most commonly spread through malicious email attachments, and that is exactly how GoldenEye is distributed. However, unlike most ransomware variants that arrive as an .exe or .bat file inside a ZIP archive, GoldenEye emails lure victims into opening a macro-laden Excel document posing as a job application or resume (the first campaigns were German-language and aimed squarely at HR departments, so HR staff be particularly aware!)
Upon opening the Excel document, Excel will ask if you’d like to ‘Enable Macros’ (or ‘Enable Content’), since macros are disabled by default as a security precaution. The moment you enable them, a VBA macro inside the workbook runs, drops the GoldenEye executable onto the machine and launches it.
And now you’re infected. But it doesn’t stop there. Once your files are encrypted, GoldenEye overwrites the boot record of your hard drive with its own small loader and forces a reboot. Instead of Windows, that loader starts, shows a fake CHKDSK screen, and meanwhile scrambles something on your computer called the MFT, or Master File Table. On an NTFS drive this is essentially the map of the disk, telling your computer where everything is stored. Without it, your computer doesn’t know where anything is on your hard drive, making it about as useful as a paperweight.
Encrypted files and an encrypted MFT. That’s a double whammy.
Next you’ll see a ransom page (below) directing you to a website on the Tor network that asks for around 1.4 Bitcoins, roughly $1000 US at the time. However, paying this ransom (maybe) only gets you the key for the MFT, so you can boot back into Windows. Once you’re back in Windows, your files are still all encrypted, meaning you’ll be greeted by a second ransom note expecting a second payment. That could well be another $1000.
That’s a lot of money, and there’s still no guarantee that you’ll get those decrypt keys, since, after all, you are dealing with criminals, and good customer service isn’t exactly their highest priority.
This is another reason why backing up your files to another device that is not connected to your computer is so important. Ransomware encrypts any drive it can reach, including plugged-in USB disks and mapped network shares, so a backup drive only protects you if you unplug it once the backup is done. With a full, offline backup, you can give the ransomware criminals the metaphorical finger, ignore their demands for money, wipe and reinstall Windows, and restore your files from the backup. A pain, certainly. But far preferable to forking out thousands of dollars.
Now, to stay safe, just remember this (and say it after us)… I will not open email attachments I was not specifically expecting, and I will not click ‘Enable Content’ in a document that arrived from outside my organisation.
The hacker(s) behind GoldenEye, and its inspiration Petya, is known as Janus. James Bond buffs should easily make the connection. Janus was the name of the crime syndicate in the 1995 Bond movie GoldenEye.