Total Defense products detect the known variations of the GoldenEye / Petya ransomware.

Total Defense has identified a massive ransomware attack that is currently unfolding worldwide. Preliminary information shows that the malware sample responsible for the infection is an almost identical clone of the GoldenEye ransomware family. Total Defense products detect the currently known samples of this new “GoldenEye/Petya” ransomware.

Recently ransomware has become one of the most popular forms of online attack. Typically it starts with attackers sending out emails that include a file or link, that may appear innocent, but contains the dangerous malware Computers hit by the malware display a locked screen that demands a payment to retrieve files. The malware promises to provide a specialized key to users who pay a ransom of $300 in bitcoins — the same ploy used by the WannaCry ransomware, which affected computers in more than 150 countries

Unlike most ransonware, the new GoldenEye variant has two layers of encryption: one that individually encrypts target files on the computer and another one that encrypts NTFS structures. This approach prevents victims computers from being booted up in a live OS environment and retrieving stored information or samples.

Additionally, after the encryption process is complete, the ransomware has a specialized routine that forcefully crashes the computer to trigger a reboot that renders the computer unusable until the ransom is paid.


Total Defense has been passionate about protecting consumers and businesses since 1992. Our product isn’t just software, but a commitment to your cybersecurity, from installing the software effectively to helping you with recovery in the highly unlikely event of a breach, we’re here to sweat the small stuff so you don’t sweat at all.