
Ransomware: The Hidden Threat to GDPR Compliance

Written by: Anne Gotay

Ransomware is a threat that every business must plan for and will likely face at some point. Sophos’ research found that 37% of organizations were hit by ransomware in 2020 alone, and because many incidents go unreported, the true figure is probably higher. Companies that are hit and then fail to meet their obligations under data protection regulations such as GDPR risk severe consequences, including large fines and legal action.

GDPR (General Data Protection Regulation) compliance affects any organization that processes the personal data of people in the EU, which in today’s interconnected world covers almost any business. GDPR’s security requirement (Article 32) obliges companies to apply appropriate technical and organizational measures to protect that data, which in practice means hardening infrastructure so attackers cannot get into their systems. Unfortunately, many organizations underestimate the risk ransomware poses to personal data and its potential impact on their business, which puts them on the wrong side of GDPR.

Does Ransomware Affect GDPR?

On the surface, ransomware does not look like a GDPR problem: it encrypts files and blocks access to them until the victim pays. Even that is not harmless under GDPR, because the regulation defines a personal data breach to include the destruction or loss of personal data, so an encryption-only attack can itself be a reportable incident if the data cannot be restored quickly. Modern ransomware, however, does far more than encrypt.

Ransomware started as an attack that simply encrypted data, but it has grown well beyond that. Modern strains are the final stage of a longer intrusion: operators gain a foothold, move laterally into internal resources, open backdoors, and exfiltrate sensitive data before selectively encrypting it. The stolen copy becomes a second lever for extortion (so-called double extortion), independent of whether the victim can restore from backups.

This creates a problem for organizations handling data covered by GDPR. Once personal data has been accessed or exfiltrated by an unauthorized party, the incident is a personal data breach that puts the rights and freedoms of the people it describes at risk. At that point, ransomware has caused a breach under GDPR, and mandatory reporting obligations apply to the business involved.

GDPR Breaches are Serious

Ransomware infections spread quickly throughout an organization and affect far more than endpoints. They reach shared storage, including cloud storage, which is widely used because it is inexpensive and highly accessible. Without adequate controls, logs, and access records, it becomes difficult to determine the full extent of the damage, which inflates the scope that has to be assumed in the breach report.

Organizations have 72 hours from becoming aware of a breach to notify the relevant supervisory authority, unless the breach is unlikely to result in a risk to individuals. The notification must describe the nature of the breach, including the categories and approximate number of data subjects and records affected. If the exact figures are not yet known, the report can be submitted in phases, but the organization should assume that anything the attacker could have reached was compromised until it can show otherwise.

For breaches likely to result in a high risk to the individuals involved, GDPR also requires informing the data subjects themselves without undue delay. At that point the incident becomes public, damaging the company’s reputation, which has been shown to reduce revenue in almost a third of affected businesses, many of them by more than 20%.

Attackers Use GDPR to Their Advantage

Attackers understand what GDPR non-compliance costs a company. In one reported case, cybercriminals discovered unsecured MongoDB databases and threatened to leak the data and report the affected companies to the regulator if the victims did not pay. The criminals were betting that companies would pay the extortion demand rather than face potential GDPR fines, which can reach €20 million or 4% of global annual turnover, whichever is higher.

This situation highlights the conundrum that companies holding GDPR-controlled data face when handling ransomware demands. Is it better to quietly pay the criminals and sweep the incident under the rug, or to follow the law and report it, with the fines and publicity that may follow? Paying does not make the legal obligation go away: the duty to notify is triggered by becoming aware of the breach, not by whether it becomes public. And even if a company pays, there is a significant risk that the attackers already stole data and will use it in future extortion demands. There is no reason to trust that a criminal who has extorted you once will not try again.

Preventing Ransomware is the Best Solution

Fortunately, organizations can avoid managing the fallout of a GDPR breach from ransomware by stopping the attack before attackers reach personal data, using proactive controls rather than after-the-fact cleanup.

Modern anti-malware solutions mitigate ransomware by detecting it from its behavior rather than from a collection of signatures that needs constant updating. Behavior-based solutions monitor key indicators of infection, down to how processes use hardware and storage resources. Because ransomware must read, encrypt, and rewrite (and often exfiltrate) large volumes of data, a new infection produces tell-tale signs, such as a single process suddenly rewriting many files with high-entropy content, that can be caught early, before significant damage is done.

The most advanced solutions monitor resource utilization across data stores to learn normal access patterns per user and process. They analyze the resulting telemetry in real time, identify the first signs of an infection, and block the offending process, stopping the attack before it can spread. Caught this early, a ransomware incident need not become a GDPR breach at all.
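To make the detection approach described above concrete, here is an added illustrative example, written for this page and not Sotero’s code or part of the original post. It is a toy behavior-based detector over constructed file-write audit events: it learns how many distinct files each process normally writes in a 60-second window from a known-good period, then flags a process that both bursts far above its own baseline and writes high-entropy (encrypted-looking) content. The process names, paths, thresholds and event format are all assumptions for the illustration; the point is that a legitimate high-volume writer such as a backup job is not flagged because the baseline accounts for it, while an unknown process mass-rewriting documents is.

```python
"""Toy behaviour-based ransomware detector (illustrative; not a vendor product).

Events are constructed tuples: (timestamp_seconds, process, path, bytes_written).
"""
import math
from collections import defaultdict

WINDOW_SECONDS = 60
BURST_FACTOR = 5         # distinct files written must exceed 5x the learned baseline
MIN_FILES = 10           # ignore tiny bursts regardless of baseline
ENTROPY_THRESHOLD = 7.0  # bits/byte; documents sit well below, ciphertext near 8.0

# Constructed sample payloads (assumptions for the example).
PLAINTEXT = b"Quarterly report draft. Revenue grew modestly; see table 2 for details."
ENCRYPTED = bytes(range(256)) * 4  # stand-in for ciphertext: every byte value equally likely


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def make_events():
    """Constructed audit events: a known-good period and a later live period."""
    def period(minutes):
        evs = []
        for m in minutes:
            t = m * 60
            # A user editing documents: two writes a minute, low entropy.
            evs.append((t + 5, "winword.exe", f"/shares/finance/report{m}.docx", PLAINTEXT))
            evs.append((t + 20, "winword.exe", f"/shares/finance/~tmp{m}.docx", PLAINTEXT))
            # A backup job writing 15 compressed (high-entropy) archives a minute.
            for k in range(15):
                evs.append((t + k, "backup.exe", f"/backups/finance/f{m}_{k}.bak", ENCRYPTED))
        return evs

    known_good = period(range(0, 5))
    live = period(range(6, 9))
    # Unknown process rewriting 40 documents with ciphertext in 40 seconds.
    for i in range(40):
        live.append((400 + i, "updater.exe", f"/shares/finance/report{i}.docx.locked", ENCRYPTED))
    return known_good, live


def _windows(events, window=WINDOW_SECONDS):
    """Yield (process, start_time, events) for every window starting at one of its events."""
    by_proc = defaultdict(list)
    for ev in events:
        by_proc[ev[1]].append(ev)
    for proc, evs in by_proc.items():
        evs.sort(key=lambda e: e[0])
        j = 0
        for i, start in enumerate(evs):
            j = max(j, i)
            while j < len(evs) and evs[j][0] < start[0] + window:
                j += 1
            yield proc, start[0], evs[i:j]


def learn_baseline(events, window=WINDOW_SECONDS):
    """Max distinct files each process wrote in any window of the known-good period."""
    baseline = {}
    for proc, _, evs in _windows(events, window):
        distinct = len({e[2] for e in evs})
        baseline[proc] = max(baseline.get(proc, 0), distinct)
    return baseline


def detect(events, baseline, window=WINDOW_SECONDS):
    """Return {process: alert} for processes bursting above baseline with high-entropy writes."""
    alerts = {}
    for proc, start, evs in _windows(events, window):
        if proc in alerts:
            continue  # one alert per process is enough to trigger a block
        paths = {e[2] for e in evs}
        if len(paths) < MIN_FILES:
            continue
        if len(paths) <= BURST_FACTOR * baseline.get(proc, 1):  # unseen process: baseline 1
            continue
        mean_entropy = sum(shannon_entropy(e[3]) for e in evs) / len(evs)
        if mean_entropy < ENTROPY_THRESHOLD:
            continue
        alerts[proc] = {"start": start, "files": len(paths), "entropy": round(mean_entropy, 2)}
    return alerts


if __name__ == "__main__":
    known_good, live = make_events()
    baseline = learn_baseline(known_good)
    for proc, alert in detect(live, baseline).items():
        print(f"ALERT {proc}: {alert['files']} files rewritten from t={alert['start']}s, "
              f"mean entropy {alert['entropy']} bits/byte -> block process, snapshot evidence")
```

In a real deployment the baseline would be keyed by user and share as well as by process, the window and thresholds would be tuned per data store, and a positive detection would both cut the process off and preserve the access log, since that log is exactly what a later breach report needs in order to bound which records were reachable.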

Eliminating Ransomware to Maintain GDPR Compliance

As organizations move infrastructure into the cloud, many anti-malware solutions cannot deliver this level of protection: most were built for on-premises endpoints, and few protect shared cloud resources.

Sotero is purpose-built in the cloud for the cloud. It protects cloud resources against ransomware, eliminating the threat of it spreading to internal resources that are mapped to it.

Rather than using a legacy signature-based approach, Sotero offers behavior-based anomaly detection to create a comprehensive ransomware solution. Using advanced machine learning, it creates usage and access baselines across your cloud infrastructure, monitoring and flagging suspicious activity.

Sotero ransomware protection can detect malware at the earliest stages of an attack, cutting off the offending process’s access, logging the activity, and generating alerts before the malware can take hold. By preventing the attack this early, your organization avoids the exfiltration of sensitive data and the costly fines associated with a breach under GDPR.

Learn more about how Sotero can prevent ransomware from causing a GDPR compliance failure.


data protection,

data regulations,

data security
