In a play on the cybercriminal group from the James Bond film, GoldenEye is rapidly becoming the latest ransomware campaign to attack unsuspecting corporate victims.
Throughout 2015 and 2016 media outlets regularly covered cyber attacks on healthcare institutions. However, as 2017 begins, IT cyber security experts are now turning the spotlight on the latest type of ransomware attack. GoldenEye Ransomware is part of a new cyber campaign that is designed to attack corporate human resource departments with the one thing they are preconditioned to download — applicant resumes and documents.
GoldenEye is a prime example of a cybercriminal’s ability to adapt their attacks to best exploit a victim’s weakness. In the case of corporate human resource departments, employees often receive emails from unknown email addresses. More often than not, these emails and their attachments are from viable job applicants. However, GoldenEye is purposefully exploiting that vulnerability against German targets.
The ransomware campaign currently targets the human resource departments of German companies. It begins by sending an initial email that contains a short message from a fake applicant. The message directs the victim towards two attachments. The first attachment is a PDF that includes the fake applicant’s cover letter. Having opened the first attachment, the victim is then more likely to quickly open the second attachment, which is an Excel file supposedly containing the application form. However, the stark reality is that the Excel file actually contains the malicious GoldenEye payload.
Once the Excel attachment has been downloaded, the victim is presented with a file that appears to be “loading.” To expedite the process, the victim is told that the file can only be viewed if Macros are enabled. Once Macros are enabled, GoldenEye instantaneously executes code that begins to encrypt the user’s files. The ransom note is then delivered in yellow text.
Typically the GoldenEye ransom note demands that the victim pay 1.3 bitcoins, or approximately U.S. $1,000, to retrieve their encrypted files. The perpetrators go one step further by instructing the victim on the proper methodology for acquiring bitcoin via the dark web. They even offer the “help” of exchanging messages with a GoldenEye administrator if the victim is having trouble obtaining the correct bitcoin payment or with the subsequent decryption process.
Who Is Behind GoldenEye And How Can HR Departments Protect Their Files?
GoldenEye is believed to be the product of the developer behind the Petya ransomware. The developer is said to be operating under the alias Janus, a name that anyone familiar with the 1995 James Bond film GoldenEye will recognize as borrowed from the film’s now infamous cybercriminal group. Experts also believe that the GoldenEye campaign is responsible for ransomware-as-a-service schemes, whereby any amateur hacker can cash in via cyber extortion.
Human resource departments can avoid falling victim to GoldenEye by refusing to enable Macros within Microsoft Office documents. Also, human resource departments should be mindful of overly generic email messages. By exercising a “when in doubt, alert someone” mentality, human resource departments can work hand-in-hand with IT security teams to avoid GoldenEye and other ransomware campaigns. To learn more about how you can protect your company from GoldenEye and other cybercriminal attacks, contact Dynamic Quest.
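A mail-gateway style check for the lure described above: it judges each attachment by its content rather than its extension and flags workbooks that carry a VBA project, so they can be quarantined before anyone is asked to enable Macros. This is an added example, not part of the original article; the addresses, filenames and sample message are constructed, and the legacy-workbook test is a byte-pattern heuristic rather than a full OLE parser.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")     # legacy .xls/.doc container
VBA_DIR_NAME = "_VBA_PROJECT".encode("utf-16-le")  # OLE directory names are UTF-16LE

def carries_vba(data: bytes) -> bool:
    """Inspect file content (not the extension) for a VBA project."""
    if data.startswith(OLE2_MAGIC):
        return VBA_DIR_NAME in data                # heuristic, no full OLE parse
    if data.startswith(b"PK"):                     # OOXML workbooks are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return True                            # unreadable archive: fail closed
    return False

def macro_attachments(raw: bytes) -> list[str]:
    """Return the filenames of attachments that should be quarantined."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [part.get_filename() or "<unnamed>"
            for part in msg.iter_attachments()
            if carries_vba(part.get_payload(decode=True) or b"")]

def _ooxml(with_macro: bool) -> bytes:             # constructed stand-in workbook
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        if with_macro:
            z.writestr("xl/vbaProject.bin", b"placeholder")  # not a real macro
    return buf.getvalue()

def sample_email() -> bytes:
    """Constructed message shaped like the lure: cover-letter PDF plus workbooks."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "applicant@example.com", "hr@example.com", "Job application"
    m.set_content("Please find my application attached.")
    for name, data in [("cover_letter.pdf", b"%PDF-1.4 constructed"),
                       ("application.xlsx", _ooxml(True)),   # extension hides the macro
                       ("form.xls", OLE2_MAGIC + b"\0" * 64 + VBA_DIR_NAME),
                       ("clean.xlsx", _ooxml(False))]:
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    print(macro_attachments(sample_email()))
```

The macro-bearing workbook named `application.xlsx` is flagged even though its extension claims a macro-free format, which is why the check reads the archive contents instead of trusting the filename.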