After posting a job vacancy on its website–and since filling the position–Arran Brewery found that the role had been advertised on job sites internationally, triggering a new wave of applicants. Amid the CVs sent in to apply, one was laced with ransomware.

The BBC reports that hackers took the liberty of posting the job vacancy with recruiting sites worldwide, presumably to give themselves cover to slip in among the legitimate applicants. When an employee from the brewery opened an email with the infected attachment, the ransomware was unleashed and the brewery became locked out of its own system.

According to The Register, the payload was delivered via PDF.

The 2-Bitcoin ransom demanded by the hackers amounted to nearly £10,000 or US$13,500. “Arran said it declined to pay, despite losing three months’ worth of sales data from one server,” writes the BBC.

Scotland’s cybercrime prevention team advised businesses to make sure their security software is up to date and systems are backed up.

Beyond covering the basics, threat extraction software can also help by removing infectious content and reconstructing documents with known safe elements.

Get the full story at the BBC.