Ransomware & GDPR
The experts here at CRIBB Cyber Security are no strangers to thwarting cyber-attacks, with our ‘security by design’ approach underpinning our efforts to bolster the cyber resilience of clients in Healthcare, Maritime and the Cruise Industry. In recent years, many different forms of attack have been deployed using various approaches, and this year it seems that GDPR has effectively become weaponised through Ransomware tactics…
A form of malware that encrypts files, a Ransomware attack demands that the user pays a ransom in order to restore access to their data. They will receive instructions on how to pay in return for a decryption key, with costs generally payable in Bitcoin and ranging from hundreds to thousands of dollars.
Ransomware can be delivered into a computer in many ways, but perhaps the most common format is via phishing spam, with emails sent containing apparently trustworthy attachments. When opened, they can take over a computer, and are particularly damaging if they have built-in social engineering tools designed to trick recipients into offering admin access.
Top Tips: So, how can you best prepare against a ransomware attack?
A highly lucrative industry for cyber-criminals, ransomware has led to the teaming up of law enforcement and international agencies to discover and defeat those using it for financial gain. Perhaps surprisingly, the majority of these attacks have occurred due to weak security policies and processes adopted by employees.
It is therefore vital that your company or organisation deploys a robust security framework and follows best practices at all times:
- Ensure that antivirus software and firewalls are used and maintained and kept up to date
- Also keep all systems and software updated with the relevant patches
- Implement content scanning and filtering on email servers
- When responding to an email, text message, IM or an unsolicited phone call, never include personal information
- When working remotely, ensure that your IT team are aware and that you use a secure, trustworthy VPN
Ransomware & GDPR
Just last month, it emerged that a ransomware campaign had been used against MongoDB databases, with cyber-criminals threatening to report them over GDPR violations unless their ransom demands were met.
Almost 23,000 MongoDB databases received ransom notes through the use of an automated script which detected misconfigurations in them, before wiping them and then demanding ~$140 be paid within two days before any GDPR enforcement agencies were contacted – otherwise, the database owners would be reported for storing “…user data in an open form…”.
This is the first incident whereby cyber-attackers have referenced GDPR violations, and one can assume that it will not be the last…
CRIBB Cyber Security, part of theICEway
Here on theICEway, we take security very seriously indeed. The team at CRIBB have spent many years honing their craft and helping clients both large and small to avoid data breaches by having robust security measures in place from the outset. We believe in being proactive because we are all potential targets for cyber-criminals and must therefore act accordingly in advance.
If you need help with governance, data protection, certification, or if you simply want peace of mind that your existing efforts are strong enough, our professional and friendly team are here to help.
GDPR – The General Data Protection Regulation, a regulation in European Union law on data protection in the EU and EEA areas
Bitcoin – A cryptocurrency invented in 2008
VPN – Virtual Private Network
MongoDB – An open-source, cross-platform database program which is document-oriented