The latest strain of ransomware sweeping workplaces is called Locky: It locks, scrambles and renames all of your files, giving them the extension “.locky.”
Experts say once your files have been seized, the quickest way to retrieve them is to pay the ransom. Some thieves demand payment in bitcoin on the dark web.
Sophos, a security software and hardware company, reports that the average price to retrieve files is $400.
Cybersecurity experts began noticing Locky in the U.K. on Feb. 16. It appeared in infected Word documents in the U.S. the following day.
Here’s how it works:
“It’s professional malware,” Stu Sjouwerman, chief executive officer at KnowBe4, a cybersecurity consulting group in Clearwater, Fla., told SHRM Online. Not only does it “encrypt files on … the hard disk of the computer,” it also encrypts files on any mapped drives, “which is the scary part.”
It’s a new version of an old trick, he said, calling Locky a “double social engineering attack.”
Recipients of the e-mail are first encouraged to open the Word document to view something like an invoice. Then, when they view the scrambled document, they’re tricked again into running a macro that downloads the virus.
This particular kind of attack is brand new for ransomware, he said.
“Malicious macros in Microsoft Office have existed since the ’90s, but the combination of social engineering, macros and ransomware is definitely a combination we have not seen before,” he said.
According to Larry Abrams of BleepingComputer, a computer support company, “… it is safe to say that [viruses like these] is going to become the norm. Like CryptoWall [another ransomware virus], Locky also completely changes the filenames for encrypted files to make it more difficult to restore the right data.”
Sjouwerman noted, “If you trust antivirus software and [think] your users [are] not clicking ‘Enable macros,’ you are going to have a problem. You can’t just disable all macros across the whole company because a lot of legacy code relies on macros.”
KnowBe4 advises HR professionals to ask their IT teams to take the following steps:
Once this has been done, “if Mr. Bad Guy e-mails Joe in accounts payable a bad file, the macro won’t run,” Sjouwerman said. But above all else, it’s important to train employees, he emphasized.
The lesson for HR?
“Teach your users not to enable macros in Word files [they] didn’t ask for. That’s the security awareness training part of this whole thing.”
Aliah D. Wright is an online editor/manager for SHRM.