New Ransomware Targets HR Departments and Poses as Job Applicant
Tuesday, January 24, 2017 - 5 PM PST
The HR department is often most likely to open attachments from unknown sources.
ZD Net explains:
Cybercriminals are posing as job applicants as part of a new campaign to infect victims in corporate human resources departments with GoldenEye ransomware -- and they're even providing covering letters in an effort to lull targets into a false sense of security.
A variant of the Petya ransomware, GoldenEye targets human resources departments in an effort to exploit the fact that HR employees must often open emails and attachments from unknown sources.
Cybersecurity researchers at Check Point have been monitoring the campaign, which attempts to deliver ransomware to German targets using emails and attachments claiming to be from job applicants. The initial email contains a short message from the fake applicant, directing the victim to two attachments.
The first is a covering letter within a PDF which doesn't actually contain any malicious software, but is intended to reassure the target that they're dealing with a standard job application. However, the second attachment is an Excel file supposedly containing an application form but which in fact contains the malicious GoldenEye payload.