GoldenEye: Was it just ransomware, or something more?

By July 15, 2017 News

GoldenEye, Petya, NotPeyta are probably names you have heard thrown around this past month and they all are referring to the same thing… the latest and greatest iteration of ransomware. At the very end of June the GoldenEye strain of the Petya ransomware made headlines worldwide.  The attack started out in the Ukraine but quickly spread from there. Huge companies, such as Rosneft, the largest oil production company in Russia  all the way to one of the largest pharmaceutical companies in the world, Merck, right here in New Jersey were hit.

This is another instance of hackers using the NSA’s EternalBlue exploit that took advantage of Windows PC’s just like WannaCry did the other month where you don’t need to be the person to open the phishing email to get infected, just someone on your network. Perhaps even scarier is that ransomware attacks like this don’t even need to be carried out by computer experts. There are forms of ransomware for sale out on the dark web as a do-it-yourself kit, where creators take a cut of the ransom.

GoldenEye spread to billion-dollar companies with big wallets, but recent reports may have found ulterior motives…

The ransomware GoldenEye hit fast and hard globally. A few of the big name companies that were hit are worth billions, which leads to question the $300 per computer ransom. According to CNET the whole thing may have been a smoke screen and the goal was not to actually collect the ransom, but to in fact destroy the data.

The ransomware displays a message for $300 worth of Bitcoin, but the email associated with this was shut down by the email provider. So even if someone paid they won’t be getting the decryption code and their data is lost. The GoldenEye ransomware also take extra steps when it does the file encryption to not only get crucial files, but the entire hard drive and forces the PC to restart after. It even goes as far as deleting the computer’s event logs to attempt to completely cover its tracks.

The exact purpose is still speculation, but one thing can be certain, ransomware is here to stay and it appears to be getting worse with each attack. However, you can still take measures to protect yourself. Education of employees for spotting phishing attempts can make all the difference as well as keeping your systems up to date.

How to Protect Yourself

If your servers and workstations are covered under a SWK Network Service plan you are likely fine. However, if you are not covered by a Network Service plan we recommend ensuring that your systems have been patched to protect your network from Petya. Consumers who have up-to-date software are more likely to be protected.