GoldenEye malware – the “new ransomware” security threat!

Malware and ransomware has been on a sharp rise in recent years, with security researchers saying that cyberthieves are adopting them in “alarming” numbers.

The rise in these types of cyber-attacks are usually money driven.

Malware is a software that’s installed covertly onto the user’s computers and disrupts the system to allows the cyber-hacker unauthorised access to it.

There’s a ‘new’ malware on the horizon… and it’s not from an unknown territory.

The Petya and Mischa ransomware combo effectively works together to encrypt user data, and they’ve joined forces to create a new malware called the GoldenEye. The GoldenEye ransomware is commonly mistaken for a new type of ransomware, when in actual fact, many experts believe that it’s a rebranding of the Petya and Mischa malware.

How does the GoldenEye malware work?

As of 6^th December, computer users reported malicious attacks, and after it was brought to the attention of security experts, the GoldenEye ransomware was identified as almost identical to Petya and Mischa.

The GoldenEye ransomware is spread through spam emails, and seems to only be targeting German-speaking users at this point. The spam emails are sent from individuals pretending to express their interest for a position at the company, containing two file attachments. The first is a CV that is used to convince the recruiter that the email is what it purports to be and is legitimate. The second is the killer; an excel spreadsheet. The spreadsheet is the main installer for the GoldenEye malware and contains malicious software that installs the malware.

It isn’t installed automatically, and the user has to click on the Enable Content button. Once the software is downloaded, it can automatically launch the programme and begin the encryption process. By this point, there is little the user can do to save their information and data. When the ‘encryption operation’ has ended, the ransomware will show the following note: “YOUR_FILES_ARE_ENCRYPTED.TXT”. Once information is encrypted, the user can only retrieve their data on payment.

This is where ransomware comes in. The cyber-hackers will only restore the users’ system back to its original form once a sum of money is paid.

How to recover your files

Users who want to recover their files can’t do so without a “personal decryption code”, which can only be purchased on the darknet. The GoldenEye malware asks for around £800 (which is usually paid in Bitcoins, a digital currency).

If you have been affected by the GoldenEye malware you can find step-by-step instructions online by searching for “goldeneye malware instructions”.

Deception

Because of the clever nature of the emails, some may not question the legitimacy of them. Even the most cautious individuals would’ve opened an email or an attachment which thankfully didn’t lead to malware, but on retrospect maybe wondered what made us trust the email. Unfortunately, this is how malware and ransomware works. It gains trust through deception.

How to keep protected

The best way to keep yourself protected from a malware attack is to download and install the anti-malware tool which provides a solution for your computer and checks for any malicious software. The scan will provide a list of items that may harm your computer system. With ransomware, it gets trickier, as the email usually looks legitimate. My advice is to boost your anti-spam settings, this’ll filter out any potentially harmful messages.

Of course, these small tips aren’t a complete solution but it’ll most certainly enhance the security of your system.

Police involved after a sensitive data leak occurred at Isle of Man’s Department of Health and Social Care

Rise of the fake news and its implications from a data perspective