Hackers are Preying on Human Resources Departments

July 6, 2016 Arctic Wolf Networks

Ransomware is the rock star of the cyberthreat world.

In a recent webinar moderated by SC Magazine, Arctic Wolf Networks' CEO and co-founder, Brian NeSmith, noted that unlike the silent thefts of old, ransomware is extremely theatrical. It literally locks down company computers one by one as it sweeps across the network. It hijacks the screen and sends out grim messages demanding that if you ever want to see your data again, you had better pay the ransom.

That said, encryption malware's bite is just as big as its bark. Once an organization has been infected, its options for data recovery are extremely limited. This is especially problematic as the social engineering tactics used to get the malware on the system continue to become more convincing.

In what's arguably one of the cleverest schemes to date, new strains of ransomware go after the one thing that every organization has in common: the human resources department. 

Petya and other sinister cyberthreats

No discussion of ransomware would be complete without mention of Petya. Discovered in early 2016, Petya is notorious both for how it's delivered and for its style of execution once on the system. According to IDG News Service correspondent Lucian Constantin, Petya starts as a seemingly harmless email from an alleged job seeker who is interested in working at your company. Within the body of the email, the "applicant" embeds a link that supposedly points to a cloud drive through which a resume and headshot can be accessed. The HR rep might then attempt to download this resume in order to review it.

Then comes the "gotcha" moment. Once downloaded, Petya goes to work on the system. It overwrites the master boot record, causing a computer crash, and then encrypts the file table, making it impossible for the operating system to access the data it needs to function.
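The master boot record overwrite described above is the kind of change a baseline comparison of sector 0 catches when a disk image or recovery environment is examined. The following is an added example, not code from the article or from Arctic Wolf Networks; the function names are hypothetical, the sample sectors are constructed in the script, and it assumes the classic 512-byte MBR layout.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code area; bytes 440-445 hold the disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # required at offsets 510-511

def boot_code_hash(mbr):
    """SHA-256 of the bootstrap code, recorded while the machine is known good."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()

def parse_partitions(mbr):
    """Return the non-empty entries of the MBR partition table."""
    parts = []
    for slot in range(4):
        off = PART_TABLE_OFF + 16 * slot
        status, ptype = mbr[off], mbr[off + 4]
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        if ptype != 0:
            parts.append({"slot": slot, "bootable": status == 0x80,
                          "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return parts

def check_mbr(mbr, baseline_sha256):
    """Compare a sector-0 image with its baseline; return a list of findings."""
    if len(mbr) != SECTOR_SIZE:
        return ["sector is not 512 bytes"]
    findings = []
    if mbr[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(mbr) != baseline_sha256:
        findings.append("boot code differs from baseline")
    if not parse_partitions(mbr):
        findings.append("partition table is empty")
    return findings

def build_sample_mbr(boot_code):
    """Constructed test sector: given boot code plus one NTFS-type partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF,
                     0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    sector[510:512] = BOOT_SIG
    return bytes(sector)

if __name__ == "__main__":
    good = build_sample_mbr(b"\xfa\x33\xc0" + b"\x90" * 16)   # constructed bytes
    baseline = boot_code_hash(good)
    changed = build_sample_mbr(b"\xeb\xfe")                   # constructed bytes
    print(check_mbr(good, baseline))
    print(check_mbr(changed, baseline))
```

On a real host the 512 bytes would come from a raw read of the first disk sector, which needs administrator rights, and the baseline hash has to be stored somewhere the endpoint itself cannot modify.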

Unfortunately, Petya is only one example of an HR-related raid. SC Magazine's Robert Abel recently reported that Verity Health Systems was victimized by a data breach after hackers posed as an executive in an email and requested access to employee W-2s.

But even these phishing scams pale in comparison to ransomware. As NeSmith noted in the recent webinar, "Overcoming Ransomware," no cyberthreat is quite so immediate in its damage. It doesn't help that ransomware is so difficult to preempt. 

How can you overcome ransomware?

A good place to start with ransomware prevention is to be vigilant when opening links or documents. In the webinar, NeSmith said organizations can actually conduct training sessions and tests so that employees know what to look out for. 

In the event that an employee still clicks on a malicious link or file download, the first thing that an IT department should do is isolate the device from the network. This will prevent the malware from spreading. It's then important to verify that no other devices have been infected. From here, IT can work to recover the device and conduct a post-incident review to understand what happened.


Unfortunately, encryption and firewalls are more or less useless against ransomware. NeSmith said that a strong web gate can certainly help weed out the threats, but that technical measures can only do so much – user awareness is still the best defense. 

NeSmith closed out by noting that having a response plan in place is equally important. Detecting ransomware early and quickly responding is key to mitigating damages, which is why managed detection and response (MDR) services are such an important component of modern cybersecurity strategies.

To learn more about MDR, contact Arctic Wolf Networks today.

