Ransomware is currently being spread among company employees who handle job candidates’ resumes. The new threat is distributed through a short email message that refers to an attached CV. If the company representative is tricked by the email, ransomware with file-encryption capability is activated.
The ransomware is yet another variant of the infamous CryptoWall, which has already affected hundreds of users. Unfortunately, security experts have not yet clarified whether the attack is targeted or whether the messages are sent in bulk in the hope of affecting as many workers as possible.
The message looks legitimate, experts say.
The authentic look is achieved by the inclusion of a short introduction of the supposed candidate. A name is given along with a suggestion to open the attachment for more detailed information. Here is what the message looks like:
“Hi, my name is [first and last names deleted]. I am herewith submitting my Resume under attachment for your perusal. Thank you.”
Instead of an actual curriculum vitae, the company representative opens an archive containing malicious JavaScript code with instructions to download a variant of the CryptoWall ransomware.
From this point on, the story goes as expected: files on the hard disk are encrypted and will not be decrypted until a ransom is paid and a decryption key is provided.
CareerBuilder services are also compromised.
Experts announced earlier this month that the official CareerBuilder website had been affected by a similar threat. Even though spreading malware through malicious email attachments is nothing new, disguising the threat as a resume is a brand new method.
In the case of the intrusion on the CareerBuilder website, the cybercriminals took advantage of the legitimate page to spread their piece of malware. Companies and businesses will have to reconsider their security tactics to stay protected against such cyber hazards.