Another version of Petya, named Petya GoldenEye, hit Germany in December 2016. GoldenEye is the next version of Petya-Mischa. Whereas Petya-Mischa either encrypts the MFT or the files in the filesystem, Goldeneye first encrypts the files in the hard drive and then goes about encrypting the MFT. GoldenEye, after encrypting the files, appends a string with eight random characters at the end of the filename. If the filename is Readme.txt, it is changed to Readme.txt.12er4rgg. The malware arrived on the victim machine via spam emails that posed as recruitment emails. Whereas Petya-Mischa needs administrator rights to encrypt the MFT, Petya Goldeneye goes a step further and acquires administrator rights. After this, the victim sees the skull in gold:
After the key is pressed, we get a ransomware message: