Posted by Remote Management Staff

GoldenEye/Petya Ransomware - Customers of ITbrain Anti-Malware are protected.

Dear Customers,

We would like to reassure you that ITbrain Anti-Malware protects against the latest ransomware attack, called GoldenEye (Petya-like behaviour).

Our engines are detecting it as "Trojan.Ransom.GoldenEye.B" and will clear the main variants. We are adding new variants to the signature list for the same malware every hour.

Please make sure all Windows systems are updated. This new ransomware takes advantage of Microsoft vulnerabilities (CVE-2017-0199 and MS17-010), which have already been patched through updates.

Unlike most ransomware, the new GoldenEye variant has two layers of encryption: one that individually encrypts target files on the computer and another one that encrypts NTFS structures. This prevents infected computers from being booted up in Windows.

Just like Petya, GoldenEye encrypts the entire hard disk drive and denies the user access to the computer. However, unlike Petya, there is no workaround to help victims retrieve the decryption keys from the computer.

After the encryption process is complete, the ransomware has a specialised routine that forcefully crashes the computer to trigger a reboot that renders the computer unusable until the $300 ransom is paid. External backup is the only option for keeping the data secure.

Stay safe out there and keep everything up to date.

Product Owner, Remote Management services.