Cybercriminals are carrying out ransomware attacks on organizations more and more frequently, according to two new reports highlighted by Cnet’s Laura Hautala this week:
According to Verizon’s annual Data Breach Investigations Report, released Tuesday, ransomware attacks doubled in the last year. That’s especially alarming considering that they doubled the year before, too. … Ransomware accounted for 39 percent of all new malware infections tallied up in the Verizon report, which looks at more than 53,000 security incidents drawn from Verizon cybersecurity customers as well as reports from the US Secret Service and an international consortium of private sector companies.
The numbers match up with findings released Monday by cybersecurity company Malwarebytes, which found that while hackers are targeting consumers with ransomware less frequently, they’re hitting businesses with more of the attacks.
The threat of ransomware was thrown into stark relief last year, when the WannaCry attack, the largest such cyberattack in history, struck over 300,000 machines in 150 countries, exploiting a vulnerability in outdated, unpatched versions of Microsoft Windows to lock victims out of their computers and demand ransoms of hundreds of dollars to restore access to their documents and data. Most ransomware attacks are much less sophisticated than WannaCry, which the US government ultimately blamed on North Korea. They rely instead on phishing: email that tricks users into opening a malicious attachment or link, or into handing passwords or other personal data over to hackers, who can then use that access to take control of their devices.
Phishing and ransomware are of concern for HR departments in particular, first because this part of the organization is often a soft target for cybercriminals and second because employee behavior is the main weak point in most organizations’ cybersecurity strategies.
The “WannaCry” ransomware cyberattack that began spreading last Friday quickly affected over 300,000 machines in 150 countries, mostly in Europe and Asia, making it the largest such attack in history and putting in stark relief the threat cybercrime now poses to organizations around the world. WannaCry exploited a vulnerability in the SMBv1 file-sharing protocol of outdated, unpatched versions of Microsoft Windows, a flaw Microsoft had already fixed for supported versions two months earlier (security bulletin MS17-010, March 2017), and as Washington Post tech writer Brian Fung explained earlier this week, some businesses were hit particularly hard because of a simple lack of resources and attention. There’s no question that businesses that had applied that update, or retired systems too old to receive it, would have been protected from this threat, but doing so is often a lot less straightforward than many would assume, especially if cybersecurity isn’t properly ingrained in a company’s culture, or when cybersecurity efforts or IT upgrade initiatives lack the resources they need.
WannaCry was more sophisticated than a typical phishing scam: once inside a network it spread on its own, as a worm, from one unpatched machine to the next, with no action by the user required. The majority of ransomware attacks (in which the attacker encrypts certain files on a user’s computer, locks them out of vital programs, or freezes their desktop, then demands payment to undo the damage) are instead conducted through phishing, a confidence scam in which the user is tricked into giving up personal information or loading malicious software via email.
Why HR Should Care
Ransomware is—and should be—a major concern for HR departments: HR professionals are particularly vulnerable to such attacks, as they are accustomed to receiving and opening emails and attachments from people outside the organization as a routine part of their jobs. Cybercriminals know this and target organizations through their HR departments with malicious software disguised as a job application, résumé, or invoice. A recent phishing attack that compromised the personal data of thousands of current and former employees at the newspaper publisher Gannett, for example, exploited exactly this weakness.
The other reason HR needs to pay attention to cybersecurity is that rank-and-file employees are one of an organization’s foremost lines of defense against hacking.
Ransomware is a form of cyberattack in which the attacker encrypts certain files on a user’s computer, locks them out of vital programs, or freezes their desktop, then demands payment to undo the damage—hence the name. HR professionals are particularly vulnerable to this form of malware as their jobs often require them to open emails and attachments from unknown sources. At ZDNet, Danny Palmer warns of a new ransomware program known as GoldenEye, a variant of the Petya family of ransomware, that exploits this habit by disguising the malicious program as an innocuous job application:
The initial email contains a short message from the fake applicant, directing the victim to two attachments. The first is a covering letter within a PDF which doesn’t actually contain any malicious software, but is intended to reassure the target that they’re dealing with a standard job application. However, the second attachment is an Excel file supposedly containing an application form but which in fact contains the malicious GoldenEye payload.
Upon opening the Excel attachment, the target is presented with a document which claims to be ‘Loading’ and requires them to enable Macros to view the file. When Macros are enabled, GoldenEye executes code and begins encrypting the user’s files before presenting them with a ransom note using yellow text — rather than the red or green used by other Petya variants.
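The lure above works only because the “application form” reaches the HR inbox with its macro project intact. The following is an added example, not code from the article, from ZDNet or from any product, of the kind of check a mail gateway can run on inbound attachments before delivery: it inspects the bytes of each attachment for an embedded VBA project and applies an assumed allow/quarantine/block policy. The file names, sample bytes and policy thresholds are constructed for illustration; the legacy (.xls/.doc) check is a byte-string heuristic rather than a full OLE2 parse.

```python
"""Gateway-side check for macro-bearing Office attachments.

Added example, not code from the article or from ZDNet. The file names,
sample bytes and the allow/quarantine/block policy below are assumptions
made for illustration.
"""
import io
import zipfile

# Magic numbers: OLE2 compound file (legacy .xls/.doc) and ZIP (OOXML .xlsx/.xlsm/.docx/.docm).
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"
# OLE2 directory entry names are stored as UTF-16LE; both the Excel macro storage
# ("_VBA_PROJECT_CUR") and the Word one ("_VBA_PROJECT" under Macros/VBA) share this prefix.
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")

# Containers Office will run macros from; a job application form never needs any of them.
MACRO_CAPABLE_EXTENSIONS = (".xls", ".xlsm", ".xlsb", ".doc", ".docm", ".ppt", ".pptm")


def has_vba_macros(data: bytes) -> bool:
    """Return True if the attachment bytes appear to carry a VBA project.

    OOXML: look for a vbaProject.bin part (xl/vbaProject.bin in Excel,
    word/vbaProject.bin in Word). Legacy OLE2: heuristic search for the VBA
    storage name, which can miss deliberately mangled files.
    """
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    if data.startswith(OLE2_MAGIC):
        return OLE_VBA_MARKER in data
    return False


def classify_attachment(filename: str, data: bytes, external_sender: bool = True) -> str:
    """Assumed policy: 'block', 'quarantine' or 'allow' for one inbound attachment."""
    if has_vba_macros(data):
        # Macros from outside the organisation are never delivered; internal ones are
        # held for review so legitimate finance/HR workbooks can still be released.
        return "block" if external_sender else "quarantine"
    if external_sender and filename.lower().endswith(MACRO_CAPABLE_EXTENSIONS):
        # Macro-capable container with no project found: hold it, the heuristic can miss.
        return "quarantine"
    return "allow"


def scan_message(attachments, external_sender: bool = True) -> str:
    """Strictest verdict across all attachments of one message."""
    severity = {"allow": 0, "quarantine": 1, "block": 2}
    verdicts = [classify_attachment(name, data, external_sender) for name, data in attachments]
    return max(verdicts, key=severity.__getitem__, default="allow")


def _build_ooxml(parts: dict) -> bytes:
    """Constructed stand-in for an Office OOXML file (a ZIP holding the given parts)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in parts.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples, not real documents or malware.
CLEAN_XLSX = _build_ooxml({"[Content_Types].xml": b"<Types/>", "xl/workbook.xml": b"<workbook/>"})
MACRO_XLSM = _build_ooxml({"[Content_Types].xml": b"<Types/>", "xl/workbook.xml": b"<workbook/>",
                           "xl/vbaProject.bin": b"\x01\x00stub"})
LEGACY_XLS_WITH_VBA = (OLE2_MAGIC + b"\x00" * 504
                       + "_VBA_PROJECT_CUR".encode("utf-16-le") + b"\x00" * 32)
PDF_COVER_LETTER = b"%PDF-1.4\n% constructed cover letter, no active content\n"

# The lure described above: a harmless PDF cover letter plus a macro-laden "application form".
JOB_APPLICATION_LURE = [("cover_letter.pdf", PDF_COVER_LETTER),
                        ("application_form.xls", LEGACY_XLS_WITH_VBA)]

if __name__ == "__main__":
    for name, data in JOB_APPLICATION_LURE:
        print(f"{name}: macros={has_vba_macros(data)} verdict={classify_attachment(name, data)}")
    print("message verdict:", scan_message(JOB_APPLICATION_LURE))
```

Running it classifies the PDF as harmless and blocks the whole message on the strength of the spreadsheet, which is the point: the cover letter is there to make the second attachment look routine. For production use, the olevba tool from the oletools project parses both container formats properly and also reports auto-execution triggers such as Workbook_Open, which a byte-string heuristic cannot.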
The new ransomware campaign comes at a time when this type of attack is on the rise. Last month, Computerworld’s Lucian Constantin reported that encryption-based ransomware attacks were becoming more common and that criminals were increasingly targeting enterprises rather than individuals: