Ransomware Gets Specific

As always, malware continues to grow in sophistication and power. Here’s another case in point. We’ve been closely following ransomware as it expands its primary focus from individuals to include businesses. Now we’re seeing the next evolution of this ugly form of crimeware.

A recent wave of enhanced ransomware has appeared that targets not just businesses, but specifically their human resources (HR) departments.

Based on the assumption that businesses will readily open email attachments from job applicants, malware authors are sending legitimate-looking but infected resumes in direct response to a company’s job advertisements. Unsuspecting HR staff members eagerly open the attachments and quickly become ransomware victims.

In at least some cases, the emails include two attachments: a PDF resume or cover letter, and an Excel file. The PDF file is benign. It gains the victim’s trust and entices them to open the Excel file, which contains the actual ransomware. Once the spreadsheet is opened and content is enabled, malicious code executes and starts encrypting files on the victim’s computer. Shortly afterwards, a ransom note is displayed, demanding payment in order to decrypt the files.
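A mail-gateway triage check for the two-attachment lure described above, as an added example that is not part of the original article: it flags messages that pair a PDF with an Excel attachment able to carry macros. The function names, the `hold` verdict and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .xls (OLE2) header
EXCEL_EXT = (".xls", ".xlsx", ".xlsm", ".xlsb")

def excel_can_carry_macros(data: bytes) -> bool:
    """True for legacy OLE2 workbooks or OOXML workbooks with a VBA project."""
    if data.startswith(OLE_MAGIC):
        return True  # not parsed further; treated as macro-capable
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return True  # named like Excel but unreadable: fail closed

def triage(raw: bytes) -> dict:
    """Flag mail that pairs a PDF with a macro-capable Excel attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    pdfs, risky = [], []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(".pdf") or data.startswith(b"%PDF"):
            pdfs.append(name)
        elif name.endswith(EXCEL_EXT) and excel_can_carry_macros(data):
            risky.append(name)
    return {"pdf": pdfs, "macro_excel": risky, "hold": bool(pdfs and risky)}

def build_sample(with_macro: bool) -> bytes:
    """Constructed message; the workbook is a ZIP shell with placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            z.writestr("xl/vbaProject.bin", b"constructed placeholder")
    msg = EmailMessage()
    msg["Subject"] = "Application for advertised position"
    msg.set_content("Please find my resume attached.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="resume.pdf")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream",
                       filename="references.xlsm" if with_macro else "references.xlsx")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample(True)))
    print(triage(build_sample(False)))
```

A message held by this check still needs review by a person or a sandbox; the check only narrows which applicant emails reach HR inboxes unexamined.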

The specific targeting of the HR department is a stark reminder that cyber criminals are both cunning and relentless. Unfortunately, most businesses are unprepared for this new threat, and a lot of them will become victims.

