GoldenEye Ransomware
GoldenEye is a ransomware strain that encrypts victim files and demands a ransom payment for decryption. It was first observed in the wild on December 1, 2016, and has been actively targeting systems worldwide. Security researchers also track this malware under the alias Petya-3.
Quick Facts
- Ransomware Family: GoldenEye
- First Seen: December 1, 2016
- Known Aliases: Petya-3
How GoldenEye Ransomware Works
Targeted Files
Encrypts MBR
References:
- https://app.any.run/tasks/57cf811c-2908-4c3c-a136-f8130ba26c43/#
- https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/
File Encryption Patterns
GoldenEye modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
./\.[a-zA-Z0-9]{8}\b/
Ransom Note and Payment Demands
After encrypting files, GoldenEye displays ransom notes demanding payment for file recovery:
YOUR_FILES_ARE_ENCRYPTED.TXT
Ransom message:
notes/YOUR_FILES_ARE_ENCRYPTED.TXT
Note locations:
UserFolders
Technical Indicators
Associated Executable Files
The following executable files are associated with GoldenEye ransomware:
About This Analysis
This GoldenEye ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like GoldenEye.
Last updated: July 30, 2025