Hackers Are Infecting Job Applications with Ransomware

By Dinah Brin January 12, 2017
Hackers Are Infecting Job Applications with Ransomware

HR departments are being targeted by a new ransomware attack that comes disguised as a job application.

The cybercriminals behind the attacks demand about $1,000 in digital currency called bitcoin to restore data on infected computers, according to a recent blog post by Check Point Software Technologies Ltd.

One bitcoin is worth roughly $894, according to Coindesk, a site that tracks news and information about digital currencies.

Once an applicant applies for a job by filling out the online application, they may be asked to e-mail additional files. The malware arrives in an e-mail with two attachments—a benign PDF that appears to be an applicant's cover letter and an Excel file containing infected macros—reported Check Point, a San Carlos, Calif.-based malware-protection firm. This ransomware is a variant of one called Petya, which was developed by a cybercriminal who goes by the name Janus, according to Check Point.

Victims receive a ransom message on their screen telling them that their hard disk has been "infected with a military grade encryption algorithm. There is no way to restore your data without a special key" that only the cybercriminals can provide.

Petya and other malware are sold as ransomware-as-a-service products, so it's "very likely" that more than one cybercriminal is using this type of malware, Check Point said.

To avoid a malware infection, ZDNet advises, don't enable macros on Microsoft Office documents and watch for unanticipated or notably generic e-mails.

"The most effective solution revolves around security awareness training, specifically utilizing phishing simulation training," said Robert Siciliano, CEO of Boston-based security firm IDTheftSecurity.com, in an interview with SHRM Online.

"With phishing simulation training, the employee will be put in a position to recognize fraudulent communications that will infect the network. [Employees] will develop skill sets to be hyperaware when a potentially insecure e-mail comes across their desktop," he said.

Another potential solution is to upload any attachments to a Web-based server such as Google Docs, so files are opened online rather than locally Siciliano said to help protect your computer system since opening the Google doc isolates the file to the cloud, which may offer additional protections. "This also means ensuring that all hardware and software is properly updated with the latest antivirus, anti-spyware [and] anti-phishing [measures] and a firewall," he noted, "and making sure the device's operating system is up to date as well.

Ransomware and malware are the most common malware used to infect victims, which includes everyone, including your company's chief financial officer, vice president of HR or staff person, said cybersecurity expert Gary S. Miliefsky, CEO of counterintelligence technology firm SnoopWall, in an interview with SHRM Online. "It's convenient," since these employees send and receive many e-mails, he said.

HR employees also usually have access to a treasure trove of personally identifiable information (PII), Miliefsky noted.

[SHRM members-only sample policy: Security: Personal Identity Information (PII) Security, Notification and Confidentiality Policy]

"Hackers are making tons of money selling these stolen PII records on the black market. There are a bunch of things you can do to get proactive, but leaving it to your firewall and anti-virus is only going to get you infected," Miliefsky said.

So-called spear-phishing attacks—targeted e-mails that appear to be from sources you trust but that have malicious attachments—are the most common approach that hackers take, he said. "So, you could begin an anti-phishing training campaign, or you could buy anti-phishing and breach-prevention tools and technologies that focus on this problem, where your current firewall and anti-virus software can't help you," Miliefsky said.

Among other measures, a firm could upgrade to encrypted-only e-mail, sharing messages only with those using the same encryption, he said.

"Now is the time to take these kinds of proactive steps before you become the next victim," Miliefsky said.

This isn't the first time recruiters have been targeted by cybercriminals. As SHRM reported in 2015, hackers uploaded malware-infected resumes to job boards in an effort to obtain HR data.


Dinah Wisenberg Brin is a Philadelphia, Pa.-based freelance reporter and writer who covers HR, entrepreneurship, health, business, personal finance and logistics.


Was this article useful? SHRM offers thousands of tools, templates and other exclusive member benefits, including compliance updates, sample policies, HR expert advice, education discounts, a growing online member community and much more. Join/Renew Now and let SHRM help you work smarter.



Job Finder

Find an HR Job Near You
Search Jobs


Find the Right Vendor for Your HR Needs

SHRM’s HR Vendor Directory contains over 10,000 companies

Search & Connect

HR Daily Newsletter

News, trends and analysis, as well as breaking news alerts, to help HR professionals do their jobs better each business day.