GoldenEye Ransomware

The GoldenEye Ransomware is a Trojan that combines the data-encrypting features of both the Petya Ransomware and the Mischa Ransomware. In addition to locking your files, it can modify the underlying file system and interfere with the boot-up process negatively. PC users should protect their computers with anti-malware software able to delete the GoldenEye Ransomware before it compromises the system.

A Rogue Agent on the Loose

Although they haven't seen the widespread recognition of 'freeware' threats like Hidden Tear or EDA2 Trojans, the Petya Ransomware and the Mischa Ransomware belong to a family that receives dedicated updates and sophisticated campaigning exploits. The latest entry in this group, the GoldenEye Ransomware, combines the features of both of the above Trojans. Accordingly, threat actors have a 'backup plan' that lets them continue attacking your computer's data, even if the other portions of the payload fail for unanticipated reasons.

The GoldenEye Ransomware seems to be targeting PC users in European nations like Germany, using the technique of disguising Trojan droppers as being invoices and additional work minutia. PDF and spreadsheet-based Trojans attached to e-mail messages install the GoldenEye Ransomware, triggering a Visual Basic script that encrypts the PC.

At first, the GoldenEye Ransomware leverages a standard file-based encryption attack for locking your media, also adding random eight-character strings to their names. The Trojan then hijacks the MBR to force the computer to reboot into its custom loader, along with creating a ransom message. This custom loading routine uses a fake version of the Windows Check Disk screen to distract the victim while the GoldenEye Ransomware begins another encryption attack that malware experts find targeting the drive's Master File Table.

Keeping the Gold out of a Trojan's Eyesight

Depending on whether or not the more-invasive MFT encryption supplants the file-by-file encryption of the GoldenEye Ransomware's first attack, victims may see either a Notepad-based ransom note or a message on the boot loader screen. In either case, these people promote their TOR-based Web infrastructure for collecting payments, after which they claim to provide decryption solutions. The GoldenEye Ransomware asks for one thousand dollars in the Bitcoin currency currently, a sum that malware experts often see in campaigns targeting unprotected businesses.

Even if the GoldenEye Ransomware's attempt at compromising the MFT is partially or wholly unsuccessful, it can cause permanent damage to the operating system or your saved files. However, its current distribution methods are just as dependent on confirmed infection vectors as past threats. Business administrators should continue educating their workers on the possibility of e-mail-based Trojan attacks, particularly for Germany, where malware experts can confirm over a hundred GoldenEye Ransomware infections.

Traditional anti-malware solutions may be able to delete the GoldenEye Ransomware or block its installers, but a complete recovery from its payload can require reinstalling Windows and salvaging all data from a backup. Even a small step in prevention is far more practical than an after-the-fact recovery from this rogue agent's attacks.
[

Technical Details