GoldenEye Ransomware Targets HR Departments

Golden Eye Ransom Note

New malware branded as “GoldenEye” is a variant of Petya that targets human resource departments. Petya is ransomware that attacks low-level structures on a disk rather than encrypting files one by one. It ultimately denies access to the full system by encrypting the master file table (MFT).

GoldenEye was specifically designed to target HR departments because they often open dozens of email attachments from strangers on a daily basis. The ransomware includes two files. The first is a cover letter that appears genuine, to draw the victim in. The second is an Excel file that prompts you to enable macros to see the document data.

Once the “Enable Content” button is clicked, the macro begins rendering the system unusable. The ransomware displays a fake “chkdsk” screen while it is encrypting the disk, making it impossible to see any files. Upon encryption, the victim is shown a ransom note. The ransom note contains instructions on how to access the Deep Web with Tor, as well as the Dark Web portal where the ransom can be paid.

It seems as if the attacker’s goal is to steal $1,000 from each victim, so the figures vary due to the fluctuation in the Bitcoin price. The current ransom demand is approximately 1.2 Bitcoin.

Tome Verbic