Seemingly Legit Resume actually contains Crypto-Malware

The malicious email, targeted at a company’s resume screening department, is equipped with file encryption capabilities.

A new ransomware having capabilities of file encryption is being flung at the company workers that perform resume screening for job seekers.

This malware is distributed through a short and precise email message that appears legitimate and informs about the availability of a CV/resume in the attachment. Thus, the recipient is encouraged to open the attachment.

However, this email contains CryptoWall and it is unclear if the cybercriminals launched a series of similar messages for catching victims or it is a targeted attack.


For removing suspicion of fraud, the attackers incorporated a brief introduction of the supposed job candidate by providing a believable name and asking for opening the attached file for further information.

Police Dept. In Massachusetts Paid Crypto-Malware Ransom To Retrieve Files The email reads:

“Hi, my name is . I am herewith submitting my Resume under attachment for your perusal. Thank you.”

However, hidden in that attached document is an archive containing a JavaScript coded with commands to download a version of CryptoWall ransomware.

When the malware is executed on the system, it instantly starts encrypting the files stored on the hard disk and holds the data hostage till the demanded fee is paid in exchange of the decryption key/code.

Related Posts