An email hacking virus is now targeting HR departments and forcing professionals to pay a ransom or lose all of their files.
The Inquirer reports that a ransomware called GoldenEye is targeting the departments with fake job applications, taking advantage of the fact that HR are accustomed to opening emails from unknown sources. The scam, which is playing out in Germany, starts with a relatively normal looking job application with two files attached.
The first is a normal CV, designed to lure you into a false sense of security, whereas the second contains malicious software.
Check Point, a security firm, explained: “When a user clicks ‘Enable Content’, the code inside the macro executes and initiates the process of encrypting the files, denying the victim access to his or her files.
“GoldenEye then, appends a random eight-character extension to each encrypted file. After all the files are encrypted, GoldenEye presents the ransom note: ‘YOUR_FILES_ARE_ENCRYPTED.TXT’. After displaying the ransom note, GoldenEye forces a reboot and starts encrypting the disk.
"This action makes it impossible to access any files on the hard disk. While the disk undergoes encryption, the victim sees a fake ‘chkdsk’ screen, as in previous Petya variants."
The ransom note demands 1.3 BitCoins (BTC), which is the equivalent of £810, for the return of the data.