New Ransomware Called “GoldenEye” Targets HR Departments

A new ransomware called GoldenEye has been targeting Human Resource departments while disguised as a job application.

It seems that cyber criminals are constantly modifying and improving the tactics they use to achieve their objectives.

One notable area that these efforts are being directed towards is ransomware. Ransomware has been a constant threat to computer users and businesses alike since the development of the internet.

Cybersecurity experts recently brought to light a new malware that specifically targets the Human Resource departments of unsuspecting organizations.

According to internet security researchers at Check Point, this strategy utilizes a ransomware referred to as “GoldenEye,” which poses as a job application.

The ransomware is actually a new and improved version of the infamous Petya virus. The Petya virus has previously been in the public limelight, but seemed to have disappeared for a short period – until now.

The researchers at Check Point noted that GoldenEye ransomware capitalized on the fact that Human Resource departments tend to open emails and their attachments indiscriminately, one of the main methods through which ransomware infections are spread.


According to the most recent information, this new strategy employs misleading emails with two attachments: a PDF attachment and an Excel file.

The PDF attachment does not contain the ransomware. It bears a cover letter that is intentionally placed there to lower the victims’ guard. The Excel file is the one containing the ransomware in the form of malicious macros obscured from the victim.

The spreadsheet-viewing application will display text prompting the victim to enable content, and once this tab is clicked, the code executes and begins the file encryption process.
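A mail-gateway style check for the delivery pattern described above, as an added example that is not from the article or from Check Point: it classifies each attachment by content rather than by file extension and flags spreadsheets that carry a VBA project. The function names and the sample message are constructed for illustration, and because the article does not say which Excel format the campaign used, both the OOXML and the legacy OLE2 containers are handled.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls/.doc container
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML (.xlsx/.xlsm) container


def classify_attachment(data: bytes) -> str:
    """Classify attachment bytes by content, ignoring the file extension."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary formats can embed VBA; ruling it out needs an OLE parser.
        return "ole2-review"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # OOXML keeps macros in a part named vbaProject.bin.
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    return "ooxml-macro"
        except zipfile.BadZipFile:
            return "malformed-zip"
    return "no-macro-container"


def scan_message(raw: bytes) -> dict:
    """Map each attachment filename in a raw message to its classification."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): classify_attachment(part.get_payload(decode=True))
            for part in msg.iter_attachments()}


def build_sample() -> bytes:
    """Constructed test message: a PDF stub plus a spreadsheet with a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/vbaProject.bin", b"placeholder, not real VBA")
    msg = EmailMessage()
    msg.set_content("Please find my application attached.")
    msg.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application",
                       subtype="pdf", filename="cover_letter.pdf")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="vnd.ms-excel", filename="application.xls")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()).items():
        print(f"{name}: {verdict}")
```

An `ole2-review` verdict means only that the container format can hold macros; a gateway would pass such files to an OLE-aware scanner or hold them for review.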

The encryption is made possible by base64 strings that are incorporated into the ransomware.


They are activated as soon as the content is enabled. The ransomware does this in order to gain access to the system as an administrator. At this point, it is able to manage the computer’s boot processes.

The users cannot access their files and are presented with a ransom note upon process

The ransomware then executes a forced reboot after which the Master File Table in the hard disk is encrypted.

The ransomware notes indicate that GoldenEye employs a complex military grade encryption protocol to encode the hard disk – it is suspected that it could be a combination of RSA and AES algorithms. Recently, the ransomware has seen mass distribution in Germany.

At the moment, GoldenEye ransomware is demanding a ransom of 1.3 BTC from the victims to restore access to the files.

The ransom note has clear directions on how the victims can regain access to their files. They have to purchase a decryption key at a dark web site provided by the racketeers.

The party behind this ransomware campaign is a group of cyber criminals called Janus. Janus is notorious for also doubling as ransomware distributors. They operated a website that sold Petya and other ransomware, an illegal activity commonly referred to as Ransomware-as-a-Service (RaaS), up until October of last year.

The victims have been advised not to pay the ransom and instead opt for recovery methods, noting that ransomware authors are known to rake in huge sums of money with limited reports of data being released.

Experts have put forward several ways to tackle the GoldenEye problem, including proactive prevention measures.

Data recovery methods have been recommended, but only after the ransomware has been eradicated with an updated anti-malware tool. Security commenters are positive that as more users get informed, GoldenEye will eventually be terminated.



  1. Anonymous

    They should use Varonis. Only “near 0 day” response to ransomware. SOLVED.

