#WeekendWisdom 010 Ransomware Breaches

Welcome to #WeekendWisdom number 10. This week we are talking about Ransomware Breaches.

TravelEx ransomware breach

Over the last several weeks, there have been an increasing number of ransomware incidents occurring, all across the globe. Most concerning of recent times has been the TravelEx company in the UK. They are a currency exchange company. They were hit with a ransomware incident on New Year’s Eve and they have been down now for more than 10 days. They only advised in the last couple of days that it was ransomware that hit them. They are now processing transactions on pen and paper with calculators to do calculations.

The GDPR consideration

If you were processing personal data of EU residents and you get hit with ransomware incident, you have got a GDPR exposure because the data has been unlawfully altered. Now because you may not understand what the risk situation is to the individuals and because once you become aware of a data breach you must report it to the data protection authorities within 72 hours, if there is a risk to the rights and freedoms of the individuals, you would be well advised to report the ransomware incident to the data protection authorities. If you process some sensitive data on individuals, you would also need to be notifying them as well about the ransomware breach.

Does paying work?

Some say that people should pay to get their data back because it’s often cheaper than recovering the data and the systems themselves. That can be the case but again recently some of the decryptors that the ransomware creators have made haven’t been working properly and people have actually lost data even though they have paid for to get the data back. So that is significant risk that you really don’t want to take on board.

What if they leak your data?

Another concern is that, again a fairly recent development, is that the ransomware criminals are actually getting the data, they’re stealing the data downloading it from your systems before they scramble it, so then once your data is scrambled and they’re looking for the ransom if you say “I’m not going to pay the ransom”, they will say “OK, well if you don’t pay the ransom we’re going to leak the data onto the internet and let everybody see the data.” So you will have a significant problem there. So you really don’t want to get caught out with ransomware in the first place.

Backups, tested backups and offline backups

So the best protection against ransomware is always having good reliable tested and secure backups. You want to make sure you have tested the backups. This is really important that you test the backups quite frequently and nowadays my advice would be to test your backups at least monthly, no less than quarterly testing of the backups and restore the data. Use the cloud for an offsite copy of the data, the cloud is fine for that. But you do need to have an offline copy of your data, maybe on an external hard drive or some kind of mechanism that you can disconnect from your computer when the backup isn’t taking place. So if you get hit with ransomware and local data is corrupted and maybe even you’re cloud data could be corrupted, you have a local copy on a hard disk that you can recover from.

So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.