Ransomware attack: Goldeneye

| By:
Gavin Gamber

In the wake of another ransomware attack, this one labeled Goldeneye, we’re reaching out to ensure our partners that we’re focused on security first. According to Forbes, there are similarities with WannaCryptor, but experts are labeling this a variant of Petya aimed at the file system—specifically targeting the master boot record—instead of encrypting individual files. It utilizes the same attack vector that WannaCry used last month – an SMBv1 exploit that was patched in March under MS17-010 known as EternalBlue.

All ConnectWise partners who did not patch in March under MS17-010 should continue patching until all systems are reached. Find our Patch Management Partner Kit here.

The attack has effected systems beginning in Ukraine, and has been confirmed as spreading through a trojanized version of M.E.Doc accounting software. The massive ransomware campaign was launched in the early hours of June 27, and the outbreak is spreading globally. The National Bank of Ukraine has shared a warning on their website to help protect other banks, and the financial sector is taking steps to “strengthen security measures and counter hacker attacks.” The Independent is reporting affected systems in Spain and India, along with issues arising for Danish and British companies.

Reports are now coming in that Goldeneye has reached the US, with systems affected in major companies like Merck. Advanced security systems can block the currently known samples of new ransomware variants like Goldeneye, keeping most users safe from system infiltration.

Just like the WannaCry cyberattacks in May, this attack is highlighting the importance of maintaining up-to-date patching to keep your systems safe from these exploitative malware programs. Keeping your systems fully patched and using a vetted security solution with network segmentation can help prevent large-scale issues.

Our goal at ConnectWise is to provide partners with the tools and cyber security education they need to support their clients and prevent these kinds of attacks from happening. In addition to our core ConnectWise Automate® solution, that helps admins identify systems vulnerable to this attack and patch the vulnerability, we have also partnered with numerous vendors who provide ConnectWise certified integrations for security & business availability to block, prevent, or recover from this attack.

Patching, in conjunction with third-party products like anti-virus, antimalware & backup, are critical to providing the best IT services, and an integrated ecosystem of solutions allows you to:
  1. Close Windows vulnerabilities by staying up to date with ConnectWise Automate’s Patch Manager
  2. Detect new threats as the IT landscape continues to shift with anti-virus and antimalware protection
  3. Prevent an all-out disaster by procuring continuous backups of data
See how our vendor partners are addressing the latest attack:
Now is the time to make a plan before cyberattacks hit close to home.