Attackers placed Brewery job ads on recruitment sites worldwide to provide cover for their phishing emails
The phishing email delivering the ransomware that hit Arran Brewery this month was sent under the cover of CV spam, after the attackers placed a legitimate job advert for the brewery on recruitment sites worldwide.
The attackers demanded payment in bitcoin worth about £9,600 after the ransomware-bearing CV they sent was opened.
The ransomware locked staff at the Brewery out of computer systems, although the company declined to pay up and lost three months of sales data from one of its servers as a result.
“We advertise job vacancies on our website. One such job vacancy was for a credit control and finance assistant post, now filled. Out of the blue we started getting applicants for the post from all over the country and the world,” managing director Gerald Michaluk told the BBC.
He continued: “I assumed one of my colleagues had advertised the post. However, this was not the case.
The attackers had taken our website vacancy and posted it on some international jobs site. We were getting three or four emails a day, all with attached CVs. The virus was in among the genuine job seekers, and when the CV was opened it took effect.”
Michaluk has spoken out about the attack in the hope that other organisations will be more aware of the early signs of an attack, and be able to act before they get struck.
He added: “I hope if anyone finds themselves in a similar position they can recognise the modus operandi of these bandits and not have the same issues we have had.”
The Brewery, based on the Isle of Arran in the Clyde estuary, made a “brave” decision, according to Barry Shteiman, vice president of research and innovation at security intelligence company Exabeam. He suggested that, more commonly, organisations pay up if recovery looks more expensive and time-consuming than simply paying.
Caroline Seymour, director of product marketing at Zerto, suggested that half of all organisations have suffered some form of “unrecoverable data event” in the last three years. Organisations therefore need not just to ensure that they have robust security and up-to-date back-ups in place, but to test them, too.
Article from Computing.co.uk