Another massive GoldenEye ransomware attack has hit users worldwide. It targeted mostly governments and businesses, encrypting all the files on targeted computers to lock out users and demanding that they pay $300 via Bitcoin to restore access to the machine.
The ransomware forces the computer to restart and prints out the ransom note without any further delay.
According to Kaspersky Lab, around 2,000 users have been attacked, with targets in Russia and Ukraine most severely affected. David Montenegro, an IT researcher also known as @cyberinsane, posted a picture of a locked computer on Twitter.
Here we go again!!! | Ransomware Attack .. ?? pic.twitter.com/Hprt2PhDyv
— David Montenegro (@CryptoInsane) June 27, 2017
A spokesperson for the National Cyber Security Centre issued a statement saying, simply, “We are aware of a global ransomware incident and are monitoring the situation closely.”
NHS Digital said on Twitter that “There are no known significant cyber-security threats affecting health.” Last month the global WannaCry campaign took out 48 NHS trusts, leaving hospitals all over the UK paralysed.
Much like WannaCry, GoldenEye appears to be quite cheap, charging a relatively meagre US$300 (£234) for decryption. The bitcoin wallet it is directing victims to has already received 13 transactions.
It is not yet known what the propagating component is, but it is suspected to be wormable. Javvad Malik, security advocate at AlienVault, told SC Media UK that it appears to be “spreading via EternalBlue, the NSA vulnerability that was leaked by Shadowbrokers and spreads via the SMB1 protocol.” EternalBlue was the same exploit that allowed WannaCry to spread to hundreds of thousands of endpoints in more than 150 countries in a matter of hours.
Another thing WannaCry and GoldenEye/Petya have in common is that both target only Windows operating systems.
According to DailyMail, the first target of the GoldenEye ransomware was Ukraine, where the power grid, national bank, supermarkets, airport and telecom firms reported that their IT systems had been affected.
A tweet from Ukrainian Deputy Prime Minister Rozenko Pavlo shows a picture of a computer system, revealing that government computer systems have been infected.
After Europe, the IT system of pharmaceutical giant Merck Sharp and Dohme in the US was reportedly infected.
UPDATE 15:00 CEST pic.twitter.com/L5pBYvNQd3
— Maersk (@Maersk) June 27, 2017
Furthermore, WPP, a UK-based ad agency, also reported that its IT system was affected and that staff were asked not to use the Internet. Reports also suggest that firms and businesses in Russia, Norway, Denmark, France, Spain, and India are under attack.
A massive hacker attack has hit the servers of the Company. We hope it has no relation to the ongoing court procedures.
— Rosneft (@RosneftEN) June 27, 2017
Sigurdur Stefnisson, vice president of threat research at Cyren, said:
“Less than three hours ago, Cyren detected a variant of the Petya ransomware. Cyren researchers identified affected users in numerous countries, including India, UK, and many others. The company anticipates this will become a widespread threat with victims emerging in all corners of the globe.”
Vishal Gupta, CEO of Seclore, commented on the issue and said:
“The rate at which these ransomware attacks are being developed, and subsequently spreading, is worrisome, but unfortunately not surprising. While there is a lot of speculation of who is behind this attack, what is most concerning is the type of institutions that are being impacted, including financial systems, airports and energy companies. When these networks are hit, the stakes are much higher, moving well beyond a nuisance. It isn’t an exaggeration to say that these attacks could have life and death consequences. As ransomware attacks continue to dominate the headlines, my hope is that companies begin to take a step back and make cybersecurity their top priority. Even simple measures like increased training, more communication around cyber security best practices, implementing data-centric security policies and ensuring updates are made can make all the difference.”