Anti-Malware Research Whitepapers

A technical look into the GoldenEye ransomware attack

On June 27th, reports of a rapidly spreading ransomware attack started to emerge from Ukraine. The speed at which critical infrastructure networks were shutting down pointed to a ransomware application with a wormable component, whose virality called to mind the WannaCry ransomware. In less than three hours, the infection crippled banks, ATMs, public transport and an airport, as well as utilities provider Kyivenergo. Then it spread outside the Ukraine.

As multiple critical infrastructure networks reported major blackouts, Bitdefender started an internal investigation over the isolated malware samples to trace the attack’s origin and better understand what it targeted, and how. The following report is based on our internal telemetry and reflects what we know as of the moment of writing.

Download  Everything we know about GoldenEye (2053 downloads)

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.