GoldenEye ransomware targets HR departments with fake applications

Information security experts have uncovered a new ransomware campaign that specifically targets businesses’ HR departments.


The GoldenEye malware, analysed by researchers at Check Point, is spread using malicious emails designed to look like job applications, which are sent to organisations.


“The current campaign used to distribute GoldenEye has a job application theme,” they wrote in a blog post. “It is therefore aimed at companies’ human resources departments, due to the fact they usually cannot avoid opening emails and attachments from strangers.”


The messages, which target German-speaking businesses, contain two attachments: a non-malicious cover letter PDF to lull the victim into a false sense of security, and an Excel file containing macros that – when activated – begin the file encryption process.


Once it has displayed a ransom note, GoldenEye reboots the victim’s computer, encrypts the hard disk while displaying a fake chkdsk screen and shows a boot-level ransom note.


The victim is given a “personal decryption code” with a link to a Dark Web site that includes a support page where they can send questions to the cyber criminals behind the attack.


According to Check Point, GoldenEye currently demands around 1.3 Bitcoins from each of its victims – or about $1,000 (£812) – to restore access to their files.


“We can assume that the actor behind GoldenEye aims to receive $1,000 for each infection, and so the actual ransom amount varies according to BTC price fluctuation,” it said.


Ransomware is a constant threat to businesses and consumers alike.


In December, cyber security experts uncovered a new type of ransomware called Popcorn Time, which gives users their files back for free if they can infect two of their friends.


“For enterprises, as well as the threat of Popcorn Time locking up corporate data, there is also a huge reputational risk if it emerges that employees are spreading it to others via their work email,” said Fraser Kyne, CTO for the EMEA region at Bromium. “This is clearly a board-level concern, so CISOs should be looking at what safeguards they can put in place to prevent it.”


For more on GoldenEye, see the Check Point blog.

Copyright Lyonsdown Limited 2021
