The malicious email, targeted at a company’s resume screening department, is equipped with file encryption capabilities.
This malware is distributed through a short and precise email message that appears legitimate and informs about the availability of a CV/resume in the attachment. Thus, the recipient is encouraged to open the attachment.
For removing suspicion of fraud, the attackers incorporated a brief introduction of the supposed job candidate by providing a believable name and asking for opening the attached file for further information.
The email reads:
“Hi, my name is [first and last names removed]. I am herewith submitting my Resume under attachment for your perusal. Thank you.”
When the malware is executed on the system, it instantly starts encrypting the files stored on the hard disk and holds the data hostage till the demanded fee is paid in exchange of the decryption key/code.