The objective of the new European General Data Protection Regulation (GDPR) is to improve data security at an international level.
The European Union put its GDPR rules into effect on May 25 of this year with the positive goal of enhancing communication security. However, this has also given hackers a new way to extort businesses.
Reports have emerged that business people are being attacked by cybercriminals linked to ransomware. As expected, the personal data of Internet users or consumers is disclosed, and the only way to retrieve it is to pay a ransom. This new method of hacking is known as ransomhack.
On the Decenternet platform, personal information is secured and kept confidential. Data is not disseminated unless the owners or consumers give permission.
Bulgaria-based authorities TAD GROUP emphasize how this differs from the usual ransom procedure. Here, instead of encrypting data to make it inaccessible until the ransom is paid, hackers intend to reveal private information to the public.
Cybercriminals blackmail business people by distributing the entire contents of the database, which is composed of personal data records, on a public service. Under the regulation, the company will be severely penalized. As a result, victim companies would rather pay the ransom than take the matter to court, which is very inconvenient. However, this carries risks, because the hackers may do the same thing over and over again.
Business firms that fall victim to hackers should report the case within 2 days. If they fail to do so, a fine follows. This means that if these companies are discovered not to have reported the incident, the cost of the penalty continues to accumulate.
According to TAD GROUP founder Ivan Todorov, ransomhack victims are Bulgarian companies with medium to large-scale businesses. They are told to pay a ransom in the form of cryptocurrency, which cannot be traced. The ransom ranges from $1,000 to $20,000. Companies, on the other hand, will get a fine of up to 20 million euros.
Todorov said, “The cybersecurity as a whole is ever changing – if a system is not prone to successful attacks today, this does not necessarily mean that it will not be vulnerable in a month’s time. New vulnerabilities and exploits that lead to information leaks are emerging every day. This is why the more often these tests are performed, the more secure companies can feel.”
The companies that have been threatened by ransomhack had adopted GDPR protection measures by establishing guidelines for personal data storage and protection in their offices. However, no information security tests had been performed to confirm whether they were vulnerable to online attacks by hackers.
These information security tests, also known as penetration tests, are the only method to guarantee a greater level of protection from cyber attacks. The test is a simulation of cyber attacks; it is conducted not with criminal motives but deliberately, with the full consent of clients and in line with their particular needs. Its objective is to use the approaches and strategies of malicious third parties such as hackers to identify and fix security weaknesses. After the service is carried out, the findings are recorded in a penetration test report saved in the client’s profile, where it can be both viewed and downloaded.