System Force I.T.

Goldeneye – ExPetr Petya-esque Ransomware

Earlier this morning, many businesses around the world were hit by a new Petya-esque ransomware attack. Tens of thousands of infections have been reported globally, just one month after the WanaCrypt0r outbreak.

Customers using Malwarebytes Endpoint Security are protected against this specific ransomware variant. Malwarebytes anti-ransomware technology uses a dedicated real-time detection and blocking engine that continuously monitors for ransomware behaviors, such as those seen in this latest attack.

This Petya-esque ransomware, dubbed ‘Goldeneye’ by some IT experts, is more powerful, professional, and dangerous than last month’s WanaCrypt0r attack and uses the same EternalBlue exploit to target vulnerabilities in Microsoft’s operating system. However, this ransomware utilizes an MBR (Master Boot Record) locker, which prevents the computer from rebooting. The attack can spread laterally, infecting multiple systems within the organization. It does not have a kill switch like WanaCrypt0r, so there’s no simple end to the outbreak.

This appears to be a complex attack, which involves several vectors of compromise. It has been confirmed that EternalBlue and EternalRomance exploits are used by the criminals for propagation within the corporate network.

What should you do?

We advise all companies to update their Windows software: Windows XP and Windows 7 users can protect themselves by installing MS17-010 Security patch.

We also advise all organisations to have an up to date backup. Proper and timely backups of your data maybe used to restore files after a data loss event.

We recommend all customers run Malwarebytes EndPoint Security. For more information call 0845 8620066 or email