Ransomware remains one of the biggest threats to computer users all over the world. Even though a lot of people have become more aware of these problems, and taken the necessary precautions, it is impossible to prevent some malicious software from slipping by. Goldeneye ransomware is a perfect example of how things can get out of hand pretty quickly.
Goldeneye Ransomware Distribution Taken To A New Level
To put all of this into perspective, most people are well aware of how criminals attempt to distribute ransomware on a large scale. Spamming campaigns, malvertising, and malicious application downloads are the three most common methods of doing so. As users protect themselves against the threats, they are mostly successful in staying infection-free.
But some of us still tend to behave in such a way that we regard not getting a ransomware infection more luck than skill or precaution. Being careful in an online environment is one thing, but even the best of us can fall victim to malicious software. A new spam campaign targeting German users goes to show how cautious Internet users can still be tricked into downloading an infected file.
Everyone in the world has downloaded an email attachment that turned out to be nothing special. Every time that happens, there is a risk of getting a malware infection. The German spam campaign in question attaches two attachments to every email. To most users, this will look less suspicious than just one attachment, for some unknown reason.
As one would come to expect, only one attachment contains the Goldeneye ransomware payload. Since one of the attached files is a PDF related to a job position, it is not unlikely to think that most people will open that file to see what it is all about. The other file is an excel sheet which users need to fill in with personal information to reply to the application. This is where the magic happens, and the payload installation is triggered.
Once the Goldeneye ransomware payload is downloaded, it will be running in the background from that moment onwards. Computer files will be encrypted, leaving behind several files explaining what has happened. But there is a twist, as Goldeneye goes beyond traditional file encryption to encrypt the Master File Table of hard drives as well. Without the MFT, a hard drive is turned into something that cannot be repaired by any means.
Paying the Bitcoin ransom demand is not a viable option at this stage since users will be forced to pay twice, first to recover the MFT, and then to decrypt the locked files. Right now, it appears that users will ask for about US$2,000 in Bitcoin to get rid of both encryption locks, which is quite a steep price.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.