Computer systems around the world have been hit with a new ransomware malware called Goldeneye, a variant of Petya ransomware. Its targets are governments and businesses; infecting computers and files to lock out users and demanding $300 in Bitcoin to regain access.
Upon infecting a system the malware forces the targeted computer to restart so the victim can see the ransom note without any further delay.
The malware was discovered by security researchers at Bitdefender who are also keeping an eye on the ongoing attack and according to researcher Bogdan Botezatu “Just like Petya, it is particularly dangerous because it doesn’t only encrypt files, it also encrypts the hard drive as well.”
Bitdefender and Symantec, both cyber security giants, have confirmed that Goldeneye leverages EternalBlue exploit to spread from one computer to another. The EternalBlue exploit was also used during WannaCry ransomware attack in which more than 200,000 computers were infected worldwide.
Another thing common between WannaCry and GoldenEye/Petya is that both malware only target Windows operating systems.
According to DailyMail, the first target of GoldenEye ransomware was Ukraine when its power grid, national bank, supermarkets, airport and telecom firms reported that their IT systems have been affected.