GDPR Risk Sources: Ransomware

WannaCry, WeCry, WanaCyrpt, WeCyrpt…

Imagine you are an IT staff member or manager, and think about your standing inside your entity after one of those ransomware notes appears on a screen…

Ransomware attacks are, and surely will remain, the main cyber threat, and one that can hardly be stopped. Entities are desperately looking for new security tools to avoid them. The new GDPR regulation will dramatically increase the cost of the side-effects of ransomware attacks on the entity’s financials.

If you are ready to see the realities of ransomware attacks, I want to share with you a recently released report, SentinelOne’s Global Ransomware Survey, which was finalized before summer 2018. Then we can revise the security essentials against ransomware attacks:

  • Six in ten (56%) surveyed decision makers report that their organisation has suffered a ransomware attack in the last 12 months, compared to under half (48%) who said the same in 2016.
  • According to almost seven in ten (69%) respondents, the most successful ransomware attack resulted in the attacker being able to encrypt some files/data.
  • 69% say that the ransomware attacker was able to gain access to their organisation’s network by phishing via email or social media network.
  • Around two in five report that access was gained by a drive-by-download caused by clicking on a compromised website (44%) and/or an infection via a computer that was part of a botnet (42%).
  • The types of devices/systems most likely to be impacted by the ransomware attack(s) are desktop PCs (80%), servers (57%) and mobile devices (38%).
  • The types of data that are most likely to have been affected in the past 12 months were employee (45%), customer (38%) and product (37%) information.
  • Around half report that they did/would notify the CEO/board (53%), inform law enforcement (49%) and/or notify data protection regulators (45%).
  • According to respondents, the ransomware attack was successful because an employee was careless (51%) and/or anti-virus was in place but it did not stop the ransomware attack (45%).
  • Almost all (94%) cite that there has been some impact on their organisation because of ransomware attacks in the past 12 months, with the greatest impacts being an increased spending on IT security (67%) and a change of IT security strategy, to focus on mitigation (44%).
  • More than one in ten report that organisation has received negative press/bad publicity (14%) and/or seen senior IT staff lose their jobs (14%).
  • Nearly three in four (72%) surveyed decision makers agree that organisations are turning to cyber insurance now that the possibility of fines is higher with the GDPR and over half (52%) say that their organisation has lost faith in traditional cyber security, such as anti-virus.
  • The average estimated number of employee hours dedicated to replacing encrypted data with back-up data or attempting to decrypt the encrypted files amounts to 40 hours.
  • Of those whose organisation has suffered a ransomware attack in the last 12 months, the average estimated business cost as a result of the ransomware attack(s) is USD 786,347.
  • Around a third (34%) of respondents report that their organisation’s third party suppliers or partners were not affected by the attack.
  • Less than half (46%) of respondents say that their organisation did not pay a ransom because they decrypted the data themselves/had backups. Entities paid the ransom because the cost of paying the ransom was less than the lost productivity caused by downtime from the attack (58%) and/or the cost of paying the ransom outweighed the cost of restoration/damage to business (56%).
  • Around one in five (19%) admit that their organisation paid the ransom demanded by the attacker every time. The most common reasons for not doing so are that they did not need to as they had back-ups/were able to decrypt themselves (51%) and because it is their organisation’s policy not to pay ransoms, saying that on ethical grounds they do not pay criminals (43%).
  • Nearly six in ten (58%) report that even though their organisation paid the ransom, the extortionist tried to extort a second ransom after receiving the first payment and around four in ten (42%) say that the extortionist did not decrypt the affected files despite receiving the payment.
  • The most likely motives for cyber-attackers are financial gain (62%), simple disruption to a successful business (38%) and cyber espionage (31%).
  • Three quarters (75%) of respondents agree that behaviour-based analytics is the only way to catch more complex ransomware attacks.

One strategic solution should be built around the entity’s human resources, supported by technological security tools against ransomware attacks.

The security essentials can be summarised as:

  • Effective IT Governance Practices
  • Training and Awareness Activities (especially considering that phishing is the most popular instrument attackers use)
  • Patch Management
  • Advanced Antivirus/Anti-malware and Firewall Tools
  • Regular Backup Policy and Offline Backups.

The entity’s security concept against ransomware should be based on prevention and response processes, not on financing the attackers at the expense of future victims.

Best Regards

Bülent Hasanefendioğlu
Head of Consultancy