Support through your toughest HR challenges: A network of 285,000 HR professionals.
Shawn Premer shows how doing the right thing for employees leads to positive business results.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 12 cities across the U.S. this spring.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
The latest strain of ransomware sweeping workplaces is called Locky: It locks, scrambles and renames all of your files, giving them the extension “.locky.”
Experts say once your files have been seized, the quickest way to retrieve them is to pay the ransom. Some thieves demand payment in bitcoin on the dark web.
Sophos, a security software and hardware company, reports that the average price to retrieve files is $400.
Cybersecurity experts began noticing Locky in the U.K. on Feb. 16. It appeared in infected word documents in the U.S. the following day.
Here’s how it works:
“It’s professional malware,” Stu Sjouwerman, chief executive officer at
KnowBe4, a cybersecurity consulting group in Clearwater, Fla., told SHRM Online. Not only does it “encrypt files on … the hard disk of the computer,” it also encrypts files on any mapped drives, “which is the scary part.”
It’s a new version of an old trick, he said, calling Locky a “double social engineering attack.”
Receivers of this e-mail are encouraged to first open the Word document to view something like an invoice, for example. Then when they view the scrambled document, they’re tricked again into running a macro that downloads the virus.
This particular kind of attack is brand new for ransomware, he said.
“Malicious macros in Microsoft Office have existed since the ’90s, but the combination of social engineering, macros and ransomware is definitely a combination we have not seen before,” he said.
According to Larry Abrams of
BleepingComputer, a computer support company, “… it is safe to say that [virus’ like these] is going to become the norm. Like CryptoWall [another ransomware virus], Locky also completely changes the filenames for encrypted files to make it more difficult to restore the right data.”
Sjouwerman noted, “If you trust antivirus software and [think] your users [are] not clicking ‘Enable macros,’ you are going to have a problem. You can’t just disable all macros across the whole company because a lot of legacy code relies on macros.”
KnowBe4 advises HR professionals to ask their IT teams to take the following steps:
Once this has been done, “if Mr. Bad Guy e-mails Joe in accounts payable a bad file, the macro won’t run,” Sjouwerman said. But above all else,
it’s important to train employees, he emphasized.
The lesson for HR?
“Teach your users not to enable macros in Word files [they] didn’t ask for. That’s the security awareness training part of this whole thing.”
Aliah D. Wright is an online editor/manager for SHRM.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Become a SHRM Member
SHRM’s HR Vendor Directory contains over 3,200 companies