HR departments and talent acquisition teams house copious amounts of data from current and prospective employees. Some include fake job applications that target HR departments, known as HR ransomware. With attacks on the rise, relevant teams should raise their cybersecurity awareness and stay in touch with the latest ransomware trends in the industry to keep other applicants, the company and its clients safe.

What Are Job Application Cybersecurity Risks?

Threat actors can submit fake job applications with ransomware embedded into email attachments. Applications submitted through the employer’s website or a third-party program are also vulnerable, especially if the parent company doesn’t verify the outside source’s security measures.

There are a few specific HR ransomware strains that are popular. Petya is a prevalent one that makes machines unbootable. Alongside fake job applications, Petya can attach a convincing cover letter too. Hackers are taking advantage of how hiring teams operate on autopilot — they frequently open attachments in emails or from submitted documents without a second thought because they request so many during the application process.

The emails are usually inconsequential — a standard applicant email with secretive ransomware as an unfortunate bonus. It tricks people who open it to enable an executable to begin the attack, and because it’s a job application, specific applications for high-profile roles might move throughout an organization to management and stakeholder inboxes, expanding the problem rapidly.

Hackers are also getting on job websites like CareerBuilder and LinkedIn and creating fake accounts to submit ransomware-laden applications — attacking from all angles. HR ransomware is becoming a problem worldwide for all employers, so everyone must train themselves on detection and prevention tactics.

How to Detect Malicious Applications

When infamous examples like Petya exist, recruiters can learn the calling cards. For example, these emails generally come through spam and include a Dropbox link to the fake photo and resume — when in reality, the ransomware is working in the background. HR departments could avoid all emails with these links and instead create a standardized application system and file format to identify red flags.

Other ransomware installations — Petya included — may generate a prompt with a checkbox or button once the worker downloads the application. People should remain skeptical of agreeing to download from an unknown source or a request to run macros. Usually, this is the person providing consent for the ransomware to install. Be aware of suspicious pop-ups at all times.

Ultimately, every team should work with cybersecurity analysts and IT professionals to receive ransomware training and instruction on best cybersecurity hygiene. They can learn to navigate malware and ransomware detection software to identify threats better. Most incidents occur through human error, and training is one of the most comprehensive ransomware prevention methods.

Workers can also learn about social engineering and how internal staff can cause holes in defenses. Keeping watch for suspicious activity within the department sounds counterintuitive, but it’s possible.

If HR staff learns to trust their intuition and remain cautious when dealing with attachments and links — especially from generic emails that resemble spam — they could halt many potential breaches.

How to Respond to an Application Ransomware Attack

Few companies are perfect — in fact, every HR department should suspect some data breach in the future with the rise of frequent and creative ransomware attacks. Fake job applications are just a new variant, with many more to come. If someone unintentionally ignites a ransomware attack with valuable employee data at stake, how should they respond?

Collaborate to Notify and Isolate Systems

Reach out to the experts. Hackers want to target HR departments because they have less expertise. HR and talent acquisitions teams can communicate with analysts to describe how, where and when the ransomware was installed so they can isolate and power down the network to protect data and business-critical operations as fast as possible.

Contain the Threat and Begin the Restoration

Cybersecurity triage includes detection, remediation and recovery. Companies will have to determine how to deal with the ransom price if they don’t have sufficient data backups to replace what hackers compromised. Every year, cybercrimes will cost 15% more, reaching around $10.5 trillion by 2025 — provoking companies to take proactive rather than reactive measures to protect organizational information.

Additionally, they can report suspicious activity to relevant regulatory bodies for higher degrees of investigation.

Spread the Word and Continue Learning

Employees that catalyzed the attack can take action by spreading the word about their experience. Hearing about these events firsthand within the HR sector can make awareness more impactful and relevant, especially when cyber threats give off the illusion that they are unlikely to occur in most places.

Hopefully, every attack is an inspiration to continue education on best ransomware detection and prevention practices so it keeps employees and businesses safe from hackers.

When Cybersecurity and Talent Acquisition Team Up

HR ransomware and fake job applications are running amok in previously legitimate spaces. Teams should remain cognizant of sketchy emails and attachments that might contain malicious programs.

Once analysts find ways to combat emerging threats, cybercriminals get more inventive. Fortunately, there are ways to control and deal with ransomware, but this strange trend signals that more talent acquisition scams might be coming.

Zac Amos

Zac Amos is the Features Editor at ReHack, where he covers business technology, cybersecurity, and other trending tech topics. For more of his work, follow him on Twitter and LinkedIn.