Several companies and public institutions in Romania have been affected by a new ransomware attack called GoldenEye, which has also hit many users in Ukraine, Russia, Denmark, and Spain, on Tuesday, according to Romanian antivirus producer Bitdefender, writes local Mediafax.
The Ukrainian power distributor, the Kiev airport, several banks, and even the Ukrainian Government were hit by this new cyber-attack, according to Reuters. Russian oil company Rosneft, Danish shipping group Maersk, French construction materials firm Saint Gobain, and food company Mondelez International also experienced problems with their computers on Tuesday.
“Bitdefender has identified a massive ransomware campaign that is currently unfolding worldwide. Preliminary information shows that the malware sample responsible for the infection is an almost identical clone of the GoldenEye ransomware family,” according to a post on the Bitdefender blog.
According to Bitdefender specialists, the new attack is more complex than the WannaCry virus, which paralyzed the activity of big companies and public institutions in the UK, US, Spain, and other countries, including Romania, in May this year.
“Unlike most ransomware, the new GoldenEye variant has two layers of encryption: one that individually encrypts target files on the computer and another one that encrypts NTFS structures. This approach prevents victims’ computers from being booted up in a live OS environment and retrieving stored information or samples.”
After the encryption process is complete, the ransomware forcefully crashes the computer to trigger a reboot that renders the computer unusable until the USD 300 ransom is paid, according to Bitdefender. The security solutions produced by the Romanian company apparently block the new GoldenEye attack.