Last year I wrote an article after I received an email that was intended to go to our Human Resources department. I noticed some red flags in the email and was able to conclude that it was a phishing attempt. I got to thinking from the cybercriminals perspective about how easy it would be to compromise the Human Resources department with ransomware due to the high volume of applications that many companies receive. I had no idea how accurate my thoughts would turn out to be.
Check out the article I wrote March 28th, 2016.
Gone Phishing: Why Human Resources is Vulnerable to Crypto Ransomware Attacks
Fast forward 10 months, and the headlines show that my prediction has come true. I stumbled upon the following article recently on Spiceworks and what I found was very interesting.
Snap! New ransomware targets HR departments, Kingston launches 2TB thumb drive
In the article by Aaron W of Spiceworks, Aaron reports “A newly discovered ransomware campaign is targeting human resource (HR) departments with fake job applications that go so far as to include cover letters to mask their malicious payload.” This new variant is called “GoldenEye”.
WatchPoint previously wrote about and discussed GoldenEye as well. Here is a link to the article.
GoldenEye Ransomware - A New Variant of Petya Ransomware
It is important that all employees are educated about phishing attempts; however it has been proven time and again that even with regular employee training, employees will still be fooled by phishing emails. A study by Security Affairsfound that only 3% of those surveyed were able to identify all 10 phishing emails presented to them. The survey pool consisted of people from 144 different countries and over 19,000 were surveyed.
How can I protect HR from ransomware?
Employee education goes a long way but as we have concluded again and again it absolutely will not stop all ransomware. You should make sure you have good backups in case of an attack but backups are not preventative, rather they are a reactive solution, and it can be time consuming to run file restores. Do you want to load backups to restore encrypted data while your employees are unable to work and customers are coming through the door? An hour of downtime could cost upwards of $10,000 or more depending on the size and scope of the business. You can rely on SRPs and whitelisting but the fact is these solutions cannot stop malware that is able to operate with system-level privileges either through a privilege escalation vulnerability or other methods of infection. Advanced persistent threats use software exploits to compromise machines so relying on whitelisting to protect against phishing emails, watering hole attacks or other forms of targeted attacks is not 100% effective.
The Best Protection Against Ransomware
There are a wide range of things you can do today to protect your network from ransomware attacks. In the article Best Ransomware Protection we outline a number of steps you can take to stop ransomware, but out of all the suggestions, there is only one way to stop ransomware that doesn’t require constant administration to ensure protection and doesn’t rely on signatures like antivirus. CryptoStopper, which was developed by WatchPoint, uses Deception Technology in the form of watcher files placed in your important network shares. CryptoStopper continuously monitors the watcher files for the encryption process to start and will identify the ransomware attack in seconds. CryptoStopper will immediately isolate the infected workstation from the network then shut down the workstation. Lastly, it will send you an email notification letting you know a ransomware attack has been discovered and contained.
Stay Tuned….
CryptoStopper Workstation Version coming soon!
