The world has barely recovered from the aftermath of WannaCry, and there’s already a more powerful strain of ransomware on the loose. Some security firms are calling the new menace GoldenEye, describing it as a variant of the Petya family of ransomware that targets Windows PCs. Kaspersky Lab states that this is not the case, dubbing the malware NotPetya.
Petya/NotPetya is based on the same EternalBlue exploit as WannaCry. According to Bitdefender Labs, GoldenEye is much more lethal since it uses two layers of encryption to lock up files and the NTFS file system. That way, a targeted computer is prevented from being booted up in a live OS environment.
GoldenEye then forcefully crashes the victim’s computer and triggers a reboot, which leaves the machine unusable until $300 in Bitcoin has been handed over. A Twitter bot named petya_payments claims that the hackers have received 36 ransom payments so far.
CNET reports that Ukraine is the worst hit, with several banks and government agencies knocked offline. US-based pharma company Merck and Russian oil major Rosneft have been affected as well. Unfortunately, it seems there is no workaround for GoldenEye yet. Still, security firms are advising people not to pay the ransom.
Talos Intelligence asserts that Petya wormed its way into computers via a tampered update for MeDoc, a Ukrainian accounting software package. Once it got in, the malware easily made its way into any system running the software and spread like wildfire across the country.
Efforts to track down the perpetrators are in full swing at the moment. As you can see above, the hackers were using a Posteo email account to maintain contact with victims. The company has since shut down the account and is working with German police to find out who set it up. In the meantime, someone will hopefully come up with a kill switch.