Ransomware Targets HR Teams and Recruitment Consultants
If you work in the world of recruitment you might reasonably expect people, including people you’ve never met before, to send you their job applications. A new ransomware variant, GoldenEye, is taking advantage of this fact to get recruiters to open a malicious excel file which then encrypts their files and demands a bitcoin payment for the decryption key.
Malicious excel files are hardly anything new, and ransomware is one of the key reasons that training staff not to open those suspicious files is so important. This particular attack comes along with some pretty good social engineering – the email is short and to the point, and the pdf cover letter (which is not malicious) contains everything you’d expect from a standard job application. It also primes the recruiter to expect an excel file with aptitude test data in it. Once opened, they are encouraged to “use the editing options” to access the aptitude test data, and from there they get a YOUR_FILES_ARE_ENCRYPTED.TXT ransom message and instructions on how to make payment.
There are certainly some warning flags in there, and well trained employees should be picking them up, but unfortunately in areas of business where unexpected files are normal this type of attack may well be successful. Training and awareness remain key to protecting your business, but its also important to make sure your files are backed up and accessible, users only have rights to access the files they need and you have a response plan in place for if a breach occurs.