A variant of the Petya ransomware dubbed GoldenEye is targeting human resources (HR) with fake job applications infected with malware.
GoldenEye has been around for some time, but security firm Check Point notes that it has recently turned its attention to HR staffers that frequently open emails from unknown sources.
The campaign, which is targeting HR employees in Germany, lures victims in with a legitimate-looking job application. There are two files attached to the email: a PDF containing a cover letter, which has no malicious content and whose primary purpose is to lull the victim into a false sense of security, and an Excel file with malicious macros unbeknown to the receiver.
The latter contains a picture of a flower with the word "Loading…" underneath, and a text in German asking the victim to enable content so that the macros can run.
"When a user clicks "Enable Content", the code inside the macro executes and initiates the process of encrypting the files, denying the victim access to his or her files," Check Point explains.
"GoldenEye then appends a random 8-character extension to each encrypted file. After all the files are encrypted, GoldenEye presents the ransom note: "YOUR_FILES_ARE_ENCRYPTED.TXT". After displaying the ransom note, GoldenEye forces a reboot and starts encrypting the disk.
"This action makes it impossible to access any files on the hard disk. While the disk undergoes encryption, the victim sees a fake "chkdsk" screen, as in previous Petya variants."
From here, users are presented with a ransom note - the same seen in previous Petya campaigns but with a new gold colour scheme (above). The victim is presented with a "personal decryption code", which can be entered in a Dark Web portal in order to pay the ransom.
The current ransom demanded by GoldenEye begins at 1.3 Bitcoins (BTC), which works out at approximately $1,000 (around £810).
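The file-level traces Check Point describes (an 8-character extension appended to each encrypted file, plus the YOUR_FILES_ARE_ENCRYPTED.TXT note) can be searched for in a file listing during triage. The following is an added example, not code from Check Point or from this article. It assumes the appended extension is alphanumeric, and the known-extension list, the `min_hits` threshold and the sample paths are all constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

RANSOM_NOTE = "YOUR_FILES_ARE_ENCRYPTED.TXT"  # note name quoted in the article
# Assumption: the random 8-character extension is alphanumeric.
APPENDED_EXT = re.compile(r"^[A-Za-z0-9]{8}$")
# Assumption: extensions that would normally be the last suffix of a user file.
KNOWN_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt"}

def looks_appended(name: str) -> bool:
    """True for <original>.<known ext>.<8 chars>, e.g. cv.docx.a1B2c3D4."""
    suffixes = PureWindowsPath(name).suffixes
    if len(suffixes) < 2:
        return False
    return (suffixes[-2].lower() in KNOWN_EXTS
            and bool(APPENDED_EXT.match(suffixes[-1][1:])))

def triage(paths, min_hits=3):
    """Return {directory: (severity, renamed_count)} for suspicious directories.

    A single match is not reported: benign names such as notes.txt.original
    also end in 8 alphanumeric characters, so we require min_hits per directory
    unless the ransom note itself is present.
    """
    stats = defaultdict(lambda: {"note": False, "renamed": 0})
    for raw in paths:
        p = PureWindowsPath(raw)
        entry = stats[str(p.parent)]
        if p.name.upper() == RANSOM_NOTE:
            entry["note"] = True
        elif looks_appended(p.name):
            entry["renamed"] += 1
    findings = {}
    for directory, entry in stats.items():
        if entry["note"] or entry["renamed"] >= min_hits:
            severity = "high" if entry["note"] and entry["renamed"] else "review"
            findings[directory] = (severity, entry["renamed"])
    return findings

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\hr\Documents\cv_mueller.docx.Xk39dLq2",
    r"C:\Users\hr\Documents\salaries.xlsx.p0Zr7TaB",
    r"C:\Users\hr\Documents\offer.pdf.Qw8eR1tY",
    r"C:\Users\hr\Documents\YOUR_FILES_ARE_ENCRYPTED.TXT",
    r"C:\Users\hr\Pictures\team.jpg",
    r"C:\Users\hr\Archive\notes.txt.original",
]
```

Because GoldenEye forces a reboot and encrypts the disk after this stage, a listing like this is only available from a backup, a file server share or a forensic image rather than from the running host.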