Dive Brief:
- Engadget reports that the ransomware “WannaCry,” which disrupted computer systems in 150 countries this past weekend, has evolved into new variants just as workers return to their desks Monday. Ransomware is malicious software hackers use to bar access to computer data until a ransom is paid.
- According to Engadget, some new variants of the exploit lack a “kill switch,” which means they have no immediate fix. MalwareTech, a tracker of infected network computers, may have developed a way to halt the spread of WannaCry, but hackers have since found a way to bypass it.
- An end user, who’s being called an “anonymous or accidental hero,” stopped WannaCry over the weekend. But there’s concern that the ransomware could spread further, causing more havoc for workers as they return to work on Monday.
Dive Insight:
MalwareTech reportedly detected malicious activity on 227,000 computers. This widespread havoc should be a “code red” warning to employers to keep their security software updated.
HR departments are golden targets for hackers because of the high volume of personal information — including financial data — employers maintain on employees. Cyber thieves recently leaked email login credentials from HR professionals at Gannett, publisher of USA Today.
Other high-profile incidents have seen employees’ Social Security numbers, financial information and personal data compromised. A ransomware campaign termed “GoldenEye” targeted recruiters in January, tricking them into downloading what appeared to be authentic resumes and cover letters.
This campaign is a sharp warning for HR to take the lead in protecting sensitive employee and organizational data from phishing activity and cybersecurity breaches. One expert who spoke with HR Dive offered a five-step checklist for shoring up data security in advance of a new threat.