How To Protect your HR Department from Ransomware

Ransomware has been around for a long time and has proven itself to be a major threat for both businesses and individuals, and you only have to keep an eye on the news to know that the threat continues to rise. Ransomware has recently been defined as ‘a type of malicious software designed to block access to a computer system until a sum of money is paid.’ But what does this have to do with an HR Advisor in Manchester? Surely hackers just target large businesses? Well, unfortunately not. We have recently been made aware of a ransomware attack on various HR departments in Germany – which means there is potential for such an attack to happen over here.

The recent attack in Germany started with emails that looked like genuine job applications, even containing a short message from the supposed applicant and two attachments. One attachment was a cover letter designed to lull the receiver into a false sense of security, while the other attachment was an Excel file which contained the ransomware. When security firm Check Point investigated these attacks, they found that the campaign was specifically targeting HR professionals as the hackers are wise to the fact that we usually cannot avoid opening emails and attachments from people that we don’t know.

Email hacking is nothing new; it has been used as a method of spreading different malware types for a long time now. However, this new campaign seems to be a way of distributing viruses from the GoldenEye ransomware family, which is the latest version of the Mischa and Petya malware duo that appeared in the Spring of last year.

The campaign targeting HR professionals is designed to trick the receiver into opening the second infected file. When the email receiver clicks on the letter, it contains a picture of a flower with the word ‘loading’ underneath, and further text asking them to ‘enable content so that the macros can run’. When the user then clicks ‘enable content’ the code inside the macro is executed, and this then encrypts the user’s files denying them access to them.

The GoldenEye ransomware then adds an 8-character extension to each encrypted file, and once all the files are encrypted, it will present the user with a ransom note such as ‘YOUR_FILES_ARE_ENCRYPTED.txt’. After this note is presented, GoldenEye then forces a reboot of the computer and starts to encrypt the hard disc drive. This then makes it impossible for the victim to access any files on the hard disc drive. Another ransom note then appears which presents the victim with a personal decryption code to enter on a Dark Web portal in order to be able to pay the ransom and retrieve access to their files.

The current ransom being demanded by GoldenEye is around 1.3 BitCoins (BTC) which works out at about £810, but variations have been seen. Investigators believe that the aim of the hackers is to achieve around £1000 per attack and so the actual ransom amount will vary depending on BTC price fluctuation.

Now all this probably sounds a little scary, and believe me; you don’t want to fall victim to it. There is an easy way to stay safe online, though, and that is to never enable Macros on Microsoft Office documents and also stay mindful of overly generic or unexpected email messages.

For more information on our HR advisory services, please call us today on 0333 050 3330 or send us an email to