GoldenEye ransomware targets HR departments with fake applications

Information security experts have uncovered a new ransomware campaign that specifically targets businesses' HR departments.

The GoldenEye malware, analysed by researchers at Check Point, is spread using malicious emails designed to look like job applications, which are sent to organisations.

"The current campaign used to distribute GoldenEye has a job application theme," they wrote in a blog post. "It is therefore aimed at companies’ human resources departments, due to the fact they usually cannot avoid opening emails and attachments from strangers."

The messages, which target German-speaking businesses, contain two attachments: a non-malicious cover letter PDF to lull the victim into a false sense of security, and an Excel file containing macros that, when activated, begin the file encryption process.

Once it has displayed a ransom note, GoldenEye reboots the victim's computer, encrypts the hard disk while displaying a fake chkdsk screen and shows a boot-level ransom note.

The victim is given a "personal decryption code" with a link to a Dark Web site that includes a support page where they can send questions to the cyber criminals behind the attack.

According to Check Point, GoldenEye currently demands around 1.3 Bitcoins, or about $1,000 (£812), from each of its victims to restore access to their files.

"We can assume that the actor behind GoldenEye aims to receive $1,000 for each infection, and so the actual ransom amount varies according to BTC price fluctuation," it said.

Ransomware is a constant threat to businesses and consumers alike.

In December, cyber security experts uncovered a new type of ransomware called Popcorn Time, which gives users their files back for free if they can infect two of their friends.

"For enterprises, as well as the threat of Popcorn Time locking up corporate data, there is also a huge reputational risk if it emerges that employees are spreading it to others via their work email," said Fraser Kyne, CTO for the EMEA region at Bromium. "This is clearly a board-level concern, so CISOs should be looking at what safeguards they can put in place to prevent it."

For more on GoldenEye, see the Check Point blog.

Copyright Lyonsdown Limited 2020
