By Paul Finkle, CMC, SPHR – President & CEO/Principal
For those who are unfamiliar with “ransomware”, it is a common scam used by international cyber-criminals to extort money from hapless individuals and corporate users. Basically, the perpetrator gets an unsuspecting user to click on malware, which then infects and locks the user’s system and/or data. Once the system is infected, the cyber gang is alerted and contacts the user for money (a ransom payment), threatening otherwise to erase the data or permanently disable access to it. The particular threat that has recently been used against HR departments is called the Petya ransomware. It is spread primarily through the technique just described, a targeted form of the scam known as “spear-phishing”.
Here is a typical scenario. The unsuspecting HR employee is sent an email (often disguised as coming from an internal employee) that includes a link to a file stored on Dropbox. It says, for example, that an applicant’s resume can be downloaded. The file is actually an executable (“exe”) named “portfolio-packed.exe”; if the employee clicks on it, it will crash the system, leaving the user with the standard Windows blue screen.
According to reports from Europe, as soon as the user restarts the PC, the computer enters a fake check-disk process that loads Petya’s lock screen at the computer’s BIOS level. Rebooting the computer multiple times simply repeats the process and will not help. The user is then directed to the ransomware’s payment site, hosted on Tor, and is required to purchase a decryption key, which can be entered at the DOS lock screen.
The sad truth is that a firm’s security is only as good as its least careful user. This is the first case we have heard of ransomware being used against HR departments. Clearly, HR data would be an identity thief’s treasure chest, and as an internal department that handles a high volume of email, HR departments should take this as a warning to increase their guard, train their employees, and remind everyone to quarantine, and refrain from clicking on, suspicious files and emails. All employees should be trained never to click on files with .exe extensions. You should contact your computer network professional to discuss the use of Bitdefender or a similar product to protect your network.
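The scenario above (an application-themed email carrying a Dropbox link to an executable) is something a mail gateway or helpdesk triage script can flag before a user ever sees it. The following is an added example written for this article, not code from the author or from any product; the extension lists, lure keywords and verdict names are assumptions, and the sample message is constructed to match the described attack.

```python
"""Flag inbound mail that delivers an executable disguised as a resume (hypothetical gateway check)."""
from urllib.parse import urlparse, unquote
import posixpath

# Extensions Windows will run on double-click (assumed list, extend to taste).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse", ".vbs", ".hta", ".msi"}
# Extensions a genuine applicant's resume would plausibly use.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".rtf", ".odt", ".txt"}
# Words that make a message look like a job application (the lure in the article's scenario).
LURE_WORDS = ("resume", "cv", "portfolio", "application")


def extensions(name: str) -> list[str]:
    """Every dotted suffix of a filename, lowercased: 'cv.pdf.exe' -> ['.pdf', '.exe']."""
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:] if p]


def filename_from_url(url: str) -> str:
    """Basename of the URL path, percent-decoded; query strings such as Dropbox's ?dl=1 are ignored."""
    return posixpath.basename(unquote(urlparse(url).path))


def classify_name(name: str) -> dict:
    """Describe one attachment or linked filename: executable? double extension? lure wording?"""
    exts = extensions(name)
    last = exts[-1] if exts else ""
    return {
        "name": name,
        "executable": last in EXECUTABLE_EXTS,
        # 'resume.pdf.exe': a document extension placed in front of the real executable one
        "double_extension": last in EXECUTABLE_EXTS and any(e in DOCUMENT_EXTS for e in exts[:-1]),
        "lure": any(w in name.lower() for w in LURE_WORDS),
    }


def assess_message(subject: str, attachments: list[str], urls: list[str]) -> tuple[str, list[str]]:
    """Return ('block' | 'review' | 'allow', reasons) for one inbound message."""
    reasons = []
    names = [(a, "attachment") for a in attachments] + [(filename_from_url(u), "link") for u in urls]
    lure_subject = any(w in subject.lower() for w in LURE_WORDS)
    for name, kind in names:
        info = classify_name(name)
        if info["executable"]:
            detail = " (double extension)" if info["double_extension"] else ""
            reasons.append(f"executable {kind} {name!r}{detail}")
        elif kind == "link" and (info["lure"] or lure_subject):
            reasons.append(f"externally hosted file {name!r} in an application-themed message")
    if any(r.startswith("executable") for r in reasons):
        return "block", reasons
    return ("review" if reasons else "allow"), reasons


if __name__ == "__main__":
    # Constructed sample modelled on the article's scenario (link and subject are made up).
    print(assess_message("Applicant resume", [], ["https://www.dropbox.com/s/abc123/portfolio-packed.exe?dl=1"]))
```

The "review" verdict exists because a Dropbox-hosted resume is not itself malicious; it simply deserves a human look before HR opens it.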