Global Companies Hit by New GoldenEye Ransomware Attack

Key Takeaways
- GoldenEye ransomware targets companies across Europe and beyond, with early reports of major victims
- The malware uses stronger encryption than previous variants and lacks a known kill switch
- Security researchers are working to develop a decryption method, but no solution is available yet
- Prevention tips include using antivirus software, regular backups, and avoiding suspicious links
Global Companies Hit by New GoldenEye Ransomware Attack
A dangerous new ransomware strain called GoldenEye has started spreading around the world, disrupting major corporations and government agencies. This threat is linked to the Petya malware that first appeared in 2016 but includes significant upgrades, such as stronger encryption methods. Although the full impact remains unclear, reports from Bitdefender Labs indicate the most affected area is Ukraine, with targets including Chernobyl's radiation monitoring system, law firm DLA Piper, pharmaceutical company Merck, several banks, an airport, the Kiev metro, Danish shipping and energy giant Maersk, British advertising firm WPP, and Russian oil company Rosneft. Additional companies in the US, Germany, Norway, Russia, Denmark, and France have also confirmed issues.
Security experts warn this variant is especially dangerous because it lacks a 'kill switch' found in previous ransomware attacks and can spread automatically through networks without human intervention. Marcus Hutchins, who previously helped stop the WannaCry outbreak, stated that even paying the ransom may not recover encrypted files, as the ransomware's command email account could be closed. Researchers are currently working to find a decryption solution, but none exists yet.
GoldenEye uses the same EternalBlue exploit as WannaCry, affecting all Windows versions from XP to 10 that lack the latest security patches. Beyond file encryption, it also encrypts core system structures and forces computers to reboot, making recovery difficult. If a device is infected, the only options are paying a $300 ransom or losing the data entirely.
To protect against such attacks, Norton Antivirus recommends several steps: use trusted antivirus software and firewalls, back up data regularly, enable popup blockers, avoid clicking links in emails or suspicious websites, disconnect from the internet if a ransom note appears, and report incidents to authorities.



