Ransomware Targets HR Departments with Fake Applications

Ransomware Targets HR Departments with Fake Applications

Ransomware is a form of cyberattack in which the attacker encrypts certain files on a user’s computer, locks them out of vital programs, or freezes their desktop, then demands payment to undo the damage—hence the name. HR professionals are particularly vulnerable to this form of malware as their jobs often require them to open emails and attachments from unknown sources. At ZDNet, Danny Palmer warns of a new ransomware program known as GoldenEye, a variant of the Petya family of ransomware, that exploits this vulnerability by disguising the malicious program as an innocuous job application:

The initial email contains a short message from the fake applicant, directing the victim to two attachments. The first is a covering letter within a PDF which doesn’t actually contain any malicious software, but is intended to reassure the target that they’re dealing with a standard job application. However, the second attachment is an Excel file supposedly containing an application form but which in fact contains the malicious GoldenEye payload.

Upon opening the Excel attachment, the target is presented with a document which claims to be ‘Loading’ and requires them to enable Macros to view the file. When Macros are enabled, GoldenEye executes a code and begins encrypting the users’ files before presenting them with a ransom note using yellow text — rather than the red or green used by other Petya variants.

The new ransomware campaign comes at a time when this type of attack is on the rise. Last month, Computerworld’s Lucian Constantin reported that encryption-based ransomware attacks were becoming more common and that criminals were increasingly targeting enterprises rather than individuals:

In 2014, 80 percent of ransomware attacks used traditional techniques that involved, for example, locking the desktop screen and telling users that they needed to pay fines. However, in 2015, the statistics flipped and 80 percent of attacks involved crypto-ransomware, the malicious programs that encrypt files. …

A recent IBM survey of 600 business leaders in the U.S. found that one in two had experienced a ransomware attack in the workplace and that in 70 percent of cases their companies paid to get their data back. Emails distributing ransomware programs made up nearly 40 percent of all spam e-mails sent in 2016, and criminals are on track to make nearly $1 billion this year from this type of malware, IBM X-Force said.

Constantin notes that HR and finance departments are particularly at risk, due to the simplicity of concealing malware within a résumé or invoice.