Petya Ransomware could return as Golden Eye

By: Khushaar Tanveer
3 minute read

The Petya-Mischa ransomware has made a comeback in a revamped version. It is based entirely on the earlier product, but it uses a brand new name: Golden Eye.

Like typical ransomware, the new variant Golden Eye has been set loose to hijack innocent victims' computers and urge them to pay up. Its malicious tricks are almost identical to those of previous Petya-Mischa versions.

Most users are cautious, and confident that they would hardly ever fall for a trap set by malware attackers. But it is only a matter of time until we hit a bump, a minor bump that could lead to a security breach. Only then do all the small suspicious signs become obvious, but by that point the damage has already been done.

The practice of earning users' trust through manipulative, premeditated lies is called social engineering. Cyber criminals have used this approach for many years to spread ransomware, and it is the same one that Golden Eye deploys.

How does Golden Eye work?

There are reports that the malware arrives disguised as a job application, sitting in the spam folder of the user's email account.

The email is titled 'Bewerbung', which means 'application'. It comes with two attachments purporting to be files relevant to the message: a PDF that appears to be a genuine-looking resume, and an XLS (Excel spreadsheet), which is where the ransomware's modus operandi kicks in.

On the second page of the mail there is a photograph of the purported applicant. It ends with polite instructions about the Excel file, stating that it contains important material regarding the job application. No explicit demand, just a suggestion made in the most natural way possible, keeping it as formal as a regular job application.

If the victim falls for the deception and presses the "Enable Content" button in the Excel file, a macro is triggered. Once launched, it saves the embedded base64 strings into an executable file in the temp folder. When the file is created, a VBA script runs it and the encryption process begins.
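As an added example (not code from the article, and nothing taken from the malware itself), here is a small Python scanner that looks for the drop-and-run pattern the macro above uses: a long base64 literal in VBA source that decodes to a PE image, a path built from Environ("TEMP"), and a Shell call. The macro text it scans is constructed for the demonstration, and DropDecoded is a hypothetical helper name.

```python
import base64
import binascii
import re

# Constructed stand-in for a dropped executable: only the "MZ" header matters here.
FAKE_EXE = b"MZ\x90\x00" + b"\x00" * 60 + b"constructed sample, not a real program"
_B64 = base64.b64encode(FAKE_EXE).decode()

# Constructed VBA source modelled on the behaviour described above: a base64
# literal (split with VBA line continuations) written under %TEMP% and launched.
SAMPLE_MACRO = (
    'Sub Workbook_Open()\n'
    '    Dim p As String\n'
    '    p = Environ("TEMP") & "\\bewerbung.exe"\n'
    '    Dim b64 As String\n'
    '    b64 = "' + _B64[:64] + '" & _\n'
    '          "' + _B64[64:] + '"\n'
    "    DropDecoded p, b64  ' hypothetical helper that writes the decoded bytes\n"
    '    Shell p, vbHide\n'
    'End Sub\n'
)

B64_LITERAL = re.compile(r'"([A-Za-z0-9+/]{40,}={0,2})"')
TEMP_PATH = re.compile(r'Environ\("TEMP"\)', re.I)
LAUNCHER = re.compile(r'\b(Shell|WScript\.Shell|CreateObject)\b', re.I)

def scan_macro(src):
    """Return a list of findings describing the drop-and-run pattern in VBA source."""
    # Join string literals split with ' & _' continuations so long blobs are whole.
    src = re.sub(r'"\s*&\s*_\s*"', '', src)
    findings = []
    for m in B64_LITERAL.finditer(src):
        try:
            blob = base64.b64decode(m.group(1), validate=True)
        except binascii.Error:
            continue  # long string, but not valid base64: ignore it
        if blob.startswith(b"MZ"):
            findings.append("embedded base64 PE image (%d bytes)" % len(blob))
    if TEMP_PATH.search(src):
        findings.append('builds a path under %TEMP% via Environ("TEMP")')
    if LAUNCHER.search(src):
        findings.append("launches a process (Shell/WScript.Shell/CreateObject)")
    return findings

if __name__ == "__main__":
    for finding in scan_macro(SAMPLE_MACRO):
        print("-", finding)
```

Each of the three checks on its own is common in benign macros; it is the combination, in one module, that is worth an alert or a quarantine.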

Differences from Petya-Mischa

The encryption process of Golden Eye differs slightly from Petya-Mischa's. Golden Eye encrypts the computer's files first and only then tries to install itself in the MBR (Master Boot Record). It appends a random 8-character extension to each file it targets. After that, it modifies the boot process of the system, rendering the computer unusable by locking the user out.

It then shows a threatening ransom note and forcibly reboots the system. A fake CHKDSK screen pops up, pretending to repair issues with your hard drive.

Then a skull and crossbones, drawn in dramatic ASCII art, flashes on the screen. To make sure you do not miss it, you are asked to press a key. You are then given explicit instructions on how to pay the demanded sum.

To recover the files you would need to enter your personal key into the portal provided. To access it you have to pay 1.33284506 bitcoins, equal to $1019.

Unfortunately, no tool has yet been released that can decrypt files encrypted by this ransomware.
