UPDATED 22:56 EDT / JUNE 24 2018

INFRA

Europe’s GDPR leveraged in new form of cyberattack dubbed a ‘ransomhack’

The introduction of the European Union’s General Data Protection Regulation law pertaining to online privacy has seen the creation of a new form of targeted cyberattack dubbed a “ransomhack.”

First described by Bulgarian security company Tad Group, a ransomhack differs from traditional ransomware in that it doesn’t hold customer data hostage but instead is aimed at releasing stolen data publicly unless a ransom is paid.

The switch in modus operandi by hackers stems from the penalties a business can face under GDPR regulations if they are found not to have adequately secured the stolen data to begin with. What constitutes adequate protection is subjective, but any companies facing an adverse GDPR finding would be facing significant financial costs should they agree to pay a fine or battle it in court, making the prospect of paying a ransom to hush up the data breach often more appealing.

According to Hackread, the victims so far have been medium-sized and large Bulgarian companies that are requested to pay a ransom in an untraceable cryptocurrency. The ransoms are said to vary from $1,000 to $ 20,000, whereas an adverse GDPR finding can see a fine as high as 4 percent of the global annual turnover of the company in the previous year up to a maximum of 20 million Euros ($23.3 million).

Interestingly, paying the ransom also offers a number of risks. As well as the hacker perhaps coming back with more ransom demands, the GDPR states that companies that have become the victim of the cybercrime must report the incident within 72 hours of confirming the breach. In the event that they fail to do so, that also attracts a substantial fine, meaning that if they’re caught after having paid a ransom and not having reported it, the cost to the company continues to rise.

Image: Tad Group

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU