Home / Apple / GoldenEye is here and its not for the N64!

GoldenEye is here and its not for the N64!

I’m here today to bring something to everyone’s attention and it’s something I think everyone should be aware of. The first one is ransomware-type virus called GoldenEye and the other is a helpful guide to help you to stay safe.

What is ransomware? “It’s a type of malicious software designed to block access to a computer system until a sum of money is paid.

GoldenEye is a combination of Petya and MISCHA ransomware-type viruses. As with Petya and MISCHA, GoldenEye is also distributed using a spam email message. This email delivers a fake job offer with text in German and two files attached. One is a fake CV, the other, a malicious MS Excel file. If the Excel file is opened, a pop-up asking to “enable macros” appears. If a user enables these macro commands, the Excel file will generate an executable file and launch the ransomware.

ge-email-640

ge-p1

MISCHA and Petya differ in that MISCHA only encrypts certain files, while Petya encrypts the hard drive itself (thus, making it impossible to use the computer properly). GoldenEye, however, performs both of these tasks. Petya ransomware was designed to infiltrate the system and attempts to overwrite the system’s MBR (Master Boot Record). To achieve this, Petya must obtain administrative permissions. If the user denies these permissions, the encryption process simply stopped. If, however, the permissions are given, Petya modifies the MBR with a custom boot loader.ge-bitte-6362

Petya automatically reboots the computer, displays a fake check disk (CHKDSK) screen and encrypts the hard drive in the background. It then displays a ransom demand message using ASCII Text Art. The message is temporarily displayed when booting the computer. MISCHA, on the other hand, does not attempt to modify the MBR – it simply encrypts files.

ge-chkdskThis behavior is very common to regular ransomware-type viruses. GoldenEye performs these actions in reverse: it encrypts data and only then attempts to modify the MBR, thereby preventing victims from stopping the encryption process (by denying permissions).ge-skull

In addition, GoldenEye creates a text file (“YOUR_FILES_ARE_ENCRYPTED.txt“, containing an identical message) and places it in certain folders (e.g., Desktop, My Documents, etc.) Furthermore, GoldenEye appends eight random characters to the name of each encrypted file (e.g., “sample.jpg” might be renamed to “sample.jpg.g8k3jmol“).ge-hit2

Now that’s not all it also demands a ransom payment of 1.31034193 Bitcoins (approximately $1000) for decryption. To submit pay, victims must follow instructions provided on GoldenEye’s Tor website (the link is provided within the ransom-demand message). Note: paying does not guarantee that your files will ever be decrypted. And just so you know most if any will ever return control or unencrypt your files so paying just lines there pockets and rips you off as well.

So you may be asking  what can I do? Here are a few steps that can help keep you safe.

  1. Don’t store important data only on your PC.
  2. Have 2 backups of your data on an external hard drive and in the cloud – Dropbox/Google Drive/etc.
  3. Make sure Dropbox/Google Drive/OneDrive/etc. application on your computer is not turned on by default. Only open them once a day, to sync data, and close them once this is done.
  4. Your operating system and the software you use is up to date, including the latest security updates.
  5. For daily use, don’t use an administrator account on your computer. I use a guest account with limited privileges. This may not always be easy to do but worth it for safety sake.
  6.  Adjust your browsers’ security and privacy settings for increased protection.
  7. Remove outdated plugins and add-ons from your browsers. Only keep the ones you use on a daily basis and keep them updated to the latest version.
  8. Use an ad blocker to avoid the threat of potentially malicious ads.
  9. Never open spam emails or emails from unknown senders, never download attachments from spam emails or suspicious emails, and never click links in spam emails or suspicious emails.
  10. Use a reliable, paid antivirus product that includes an automatic update module and a real-time scanner.

Now this is just some of what you can do to keep you safe you can also look HERE for a helpful guide by Sophos for dealing with GoldenEye and other ransomware.

You can also try HERE if you have been infected by GoldenEye

So please keep yourself safe, be careful of what you open in emails, and keep your security and antivirus up to date. Your best bet is to keep your eyes open to fishy looking links and emails while online.

Thank you for reading and keep doing it for the love of the game.

SOURCE 1

SOURCE 2

About riddle43

riddle43
Do it for the love of the game.

3 comments

  1. Just wanted to add: you don’t need a paid antivirus. All of the major free antivirus programs are still able to scan for malware, alert you to threats in real time, and prevent malicious software from running.
    You don’t need most of the things a paid antivirus offers, and the few things you do need from it can be gotten for free elsewhere (adblocking and filters, etc).

  2. that’s Hella scary… once your infected…

    I wonder if malwarebytes would help

    • riddle43

      Agreed you don’t have to get a paid antivirus there are many ways for free to keep your system safe. Also malwarebytes may not help once you have been hit by this but being safe and not clicking on links is a good way to keep yourself safe.

Leave a Reply

Your email address will not be published. Required fields are marked *