a job application and currently targets German speakers , according to a Check Point report released Tuesday . Here 's how it works : An email appears in the HR representative 's inbox with a brief message from the supposed applicant , and two attachments . `` The first attachment is a PDF containing a cover letter which has no malicious content and its primary purpose is to lull the victim into a false sense of security , '' the Check Point report said . `` The second attachment is an Excel file with malicious macros unbeknown to the receiver . '' It also includes a message in German asking the HR representative to enable the content . The ransomware presents its victim with a decryption code , which they can enter in a Dark Web portal to pay the ransomAttack.Ransomand unlock their files . Current ransom rates for GoldenEye begin at 1.3 bitcoins , or about $ 1,000 . Ransomware often targets victims via email attachments . HR departments are especially susceptible , Check Point noted , due to the number of messages and attachments from unfamiliar people they receive .