The latest version of the Petya ransomware, GoldenEye, is attacking HR departments with fake job applications that carry the malware, and it holds the infected systems hostage for a steep ransom. GoldenEye is offered as Ransomware as a Service (RaaS) on a profit-sharing model in which affiliates earn a cut of the revenue they bring in each week. This is building a healthy distributor community around the ransomware and is attracting interest. The phishing e-mail campaigns have started in Germany for now, but soon it will be a global phenomenon.
How does it happen?
They are targeting personnel departments because a higher number of emails from unknown sources are opened there. The email typically has two attachments and is presented as a job application. One is a benign decoy document (usually a cover letter) to reassure the receiver of the authenticity of the mail; the other is an Excel file with an embedded macro. The Excel file is presented as an add-on to the application, and any diligent HR manager would open it to learn more about the applicant. After it is opened, what appears to be a suggested test score loads, and Excel simply asks the user to change Office settings, since the content is a VBA (Visual Basic for Applications) macro.
The attackers have put a lot of work into making it look natural, so the victim is not scared away by the process of enabling macros or disabling security settings.
“GoldenEye then appends a random eight-character extension to each encrypted file. After all the files are encrypted, GoldenEye presents the ransom note: ‘YOUR_FILES_ARE_ENCRYPTED.TXT’.”
After this, GoldenEye forces a reboot and encrypts the disk.
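The two file-level indicators quoted above (files renamed with a random eight-character extension and the ransom note) are enough for a simple post-infection triage check. The following is an added example written for this page, not code from the post or from any vendor; the file listing, the 0.5 ratio threshold and the small allowlist of legitimate eight-character extensions are all constructed assumptions.

```python
import re
from collections import Counter
from typing import Iterable

# Indicators named in the post: the ransom note filename and encrypted
# files carrying a random eight-character extension.
RANSOM_NOTE = "YOUR_FILES_ARE_ENCRYPTED.TXT"
RANDOM_EXT = re.compile(r"\.[A-Za-z0-9]{8}$")
# Assumptions for this example (not from the post): legitimate extensions
# that happen to be eight characters long, and the share of renamed files
# above which a directory is treated as suspect.
KNOWN_EXTS = {".manifest", ".markdown", ".template", ".metadata"}
SUSPECT_RATIO = 0.5

# Constructed sample listing of an HR share after infection.
SAMPLE_LISTING = [
    "C:/Users/hr/Documents/offer_letter.docx.kx7v2q9m",
    "C:/Users/hr/Documents/payroll.xlsx.kx7v2q9m",
    "C:/Users/hr/Documents/cv_archive.zip.kx7v2q9m",
    "C:/Users/hr/Documents/YOUR_FILES_ARE_ENCRYPTED.TXT",
    "C:/Users/hr/Documents/README.markdown",
    "C:/Users/hr/Documents/todo.txt",
]

def assess_listing(paths: Iterable[str]) -> dict:
    """Score a list of file paths against the GoldenEye indicators."""
    total = renamed = notes = 0
    ext_counter = Counter()
    for p in paths:
        name = p.replace("\\", "/").rsplit("/", 1)[-1]
        if name.upper() == RANSOM_NOTE:
            notes += 1          # ransom note is not counted as a data file
            continue
        total += 1
        m = RANDOM_EXT.search(name)
        if m and m.group(0).lower() not in KNOWN_EXTS:
            renamed += 1
            ext_counter[m.group(0)] += 1
    ratio = renamed / total if total else 0.0
    return {
        "files": total,
        "renamed": renamed,
        "ratio": round(ratio, 2),
        "ransom_notes": notes,
        "distinct_extensions": len(ext_counter),
        "suspect": notes > 0 or ratio >= SUSPECT_RATIO,
    }

if __name__ == "__main__":
    print(assess_listing(SAMPLE_LISTING))
```

A real deployment would feed this from `os.walk` over the shares an HR workstation can reach and alert on the first directory flagged, since the note and renaming appear before the reboot and disk encryption.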
Data shows that large volumes of these emails were seen in December; after what was probably a smooth trial run, the attackers have increased the attack volumes.
What to do?
GoldenEye is a clear example of how sophisticated ransomware attacks have become. The asking price for GoldenEye is 1.4 Bitcoins (BTC), or $1000, which is exorbitant.
The best defense against any ransomware attack is not to let it happen. After the attack, the only solution left is the decryption key, which has to be bought. Using a high-grade cyber security and Data Leakage Prevention (DLP) system is one way of warding off the attacks. Ransomware evolves rapidly, so security systems need regular upgrades. The quality of the system in place should exceed the prescribed standard, because if the attackers succeed, the time and monetary losses are very high.
Logix info security has state-of-the-art cyber security tools and a DLP system. It is top notch and can ensure users' safety.