HR Departments New Ransomware Target

By:  |  Category: Security Tuesday, June 13th, 2017  |  No Comments

HR Departments New Ransomware Target

In the newest blitz of targeted social engineering ransomware attacks–your HR department is now under siege and HR departments have become the newest Ransomware target. Cybercriminals pretending to pursue fake job postings are using applications to gain entry into your system.  They use what’s called “GoldenEye Ransomware” and are savvy enough to include a cover letter in their schemes knowing that HR employees are more likely to open links and emails from people they are unfamiliar with.

The Scam

The first email in the scheme is a short message from the job applicant along with two attachments. One is a standard PDF cover letter that is harmless and appears authentic. The second attachment is a malicious Excel file posing as a job application. In the file is embedded the Golden Eye virus.

When the HR employee opens the Excel attachment, they are presented with a document which claims to be ‘Loading’ and requires them to enable Macros to view the file. When the Macros are enabled, GoldenEye executes a code and begins encrypting the users’ files before presenting them with a ransom note using yellow text–unlike the red or green used by other Petya variants.

James Bond Wanna Be’s

It’s theorized by researchers that the developer behind Petya ransomware is going by the alias Janus–copying the name of the cybercriminal group in the 1995 James Bond film GoldenEye.

In order to avoid this costly hijacking, warn your HR employees to take extra precaution and to only open files from known sources.

If you are interested in determining your network’s vulnerability–give EnhancedTECH a call for a free ransomware consultation at 714-970-9330.


Image Source: https://www.pexels.com/photo/selective-focus-photo-of-man-in-official-shirt-sitting-in-office-working-on-laptop-2451645/

Leave a Comment
Read previous post:
Wanna Cry
WannaCry? Hackers Infecting Hundreds of Thousands Worldwide

You may have seen the news this weekend. Criminal hackers have released a new strain of ransomware now aptly titled...