HR Departments Become the Latest Victims of Widespread Ransomware Attacks

In a play on the James Bond cybercriminal group, GoldenEye is rapidly becoming the latest ransomware campaign to attack unsuspecting corporate victims.

Throughout 2015 and 2016 media outlets regularly covered cyber attacks on healthcare institutions. However, as 2017 begins, IT cyber security experts are now turning the spotlight on the latest type of ransomware attack. GoldenEye Ransomware is part of a new cyber campaign that is designed to attack corporate human resource departments with the one thing they are preconditioned to download — applicant resumes and documents.

Human Resources Ransomware

How Are HR Departments Being Targeted By Ransomware Attacks?

GoldenEye is a prime example of a cybercriminal’s ability to adapt their attacks to best exploit a victim’s weakness. In the case of corporate human resource departments, employees often receive emails from unknown email addresses. More often than not the latter emails, and their attachments, are from viable job applicants. However, GoldenEye is purposefully exploiting that vulnerability against German targets.

The ransomware campaign currently targets corporate human resource departments for German companies. It begins by sending an initial email that contains a short message from a fake applicant. The message directs the victim towards two attachments. The first attachment is a PDF that includes the fake applicant’s cover letter. Upon opening the first attachment, the victim is then more likely to quickly open the second attachment, which is an Excel file supposedly containing the application form. However, the stark reality is that the Excel file actually contains the malicious GoldenEye payload.

Once the Excel attachment has been downloaded, the victim is then positioned with a file that appears to be “loading.” To expedite the process, the victim is told that the file can only be viewed if Macros are enabled. Once Macros are enabled, GoldenEye instantaneously executes code that begins to encrypt the user’s files. The ransom note is then delivered using a yellow text.

Typically the GoldenEye ransom note demands that the victim pay 1.3 bitcoins, or approximately U.S. $1,000 to retrieve their encrypted files. The perpetrators go one step further by instructing the victim on the proper methodology for acquiring bitcoin via the dark web. They even offer the “help” of exchanging messages with a GoldenEye administrator if the victim is having trouble obtaining the correct bitcoin payment or the subsequent decryption process.

Who Is Beyond GoldenEye And How Can HR Departments Protect Their Files?

GoldenEye is believed to be the product of the developer behind the Petya ransomware. The developer is said to be operating under the alias Janus, and for anyone familiar with the 1995 James Bond film GoldenEye, is apparently borrowing the now infamous cyber criminal group name. Experts also believe that the GoldenEye campaign is responsible for ransomware-as-a-service schemes, whereby any amateur hacker can cash-in via cyber extortion.

Human resource departments can avoid falling victim to GoldenEye by refusing to enable Macros within Microsoft Office documents. Also, human resource departments should be mindful of overly generic email messages. By exercising a “when in doubt, alert someone” mentality, human resource departments can work hand-in-hand with IT security teams to avoid the GoldenEye and other ransomware campaigns. To learn more about how you can protect your company from GoldenEye and other cybercriminal attacks, contact Dynamic Quest.

Our Vendors