GoldenEye Ransomware Alert

By Luke Watts // 27th June 2017

It feels like only yesterday that WannaCry hit thousands of IT systems across the world, notably affecting the NHS in the United Kingdom. Today there is news of the GoldenEye ransomware attack similarly affecting businesses across Europe, mainly in Ukraine. The internet is so fast-paced that infections like these spread like wildfire from country to country.

GoldenEye uses the same exploit as WannaCry, EternalBlue (developed by the NSA in the United States, then leaked to criminals, causing havoc). The exploit targets a well-known protocol called SMB (simply put, the method used to share files, printers and more across IT networks), and Microsoft has released a security update that patches it.

GoldenEye is actually a merge of two previous viruses, Petya and Mischa, and it combines two methods of encryption: one for your files and one for the NTFS structures. In a nutshell, GoldenEye is twice as destructive.

Top tips to protect you and your business

  • Always keep your operating system up to date – if you’re a client of ours, we manage updates for you. This Microsoft Security bulletin lists the updates that should be installed to protect against this exploit.
  • Always run an antivirus solution. Windows Defender is the bare minimum, but our product of choice is Webroot. Make sure your product is up to date, activated and running!
  • Be extra wary of opening links from unknown sources, whether in email or on the web.
  • Have a working backup solution and make sure you’ve taken a recent backup. Encryption-based forms of malware are impossible to recover from; restoring from a backup is generally the only repair that can be undertaken – if you’re a client of ours, we look after your backups as standard.

Infected with GoldenEye?

First of all, we’re sorry to hear that. Disconnect yourself from your network immediately to prevent the spread to other devices in your office: disable WiFi and remove your network cable. Give us a call on 0333 344 4645 and take advantage of our Ad-Hoc & Emergency IT Support, which is particularly useful in these situations.

RoundWorks IT
