May 23, 2017

The Effects of WannaCry Ransomware on Your Critical Data

WannaCry? Only if you lose your most critical data.

Last week’s attack has many people wondering: DzI wanna know if my critical assets were exposed to Ransomware is bad, but losing data can be far more costly.

Unfortunately, WannaCry’s apparent success will only further embolden more cyber criminals. What’s interesting is that a decent data back-up strategy can protect most systems from ransomware (other than the hassle of reloading applications and data back to machines. Collecting $300 per infected machine is chump change compared to getting access to a critical database and collecting tens of thousands of dollars for stealing PII data records from the same device. Even worse, the same basic techniques used to infect and spread to other machines are used by the malware that encrypts your data vs. the malware that accesses your data for removal. All of this means it does not take the attacker much more effort.

Today, each lost PII record is estimated to cost the victim over $100, and in healthcare, each patient record lost costs well over $300. Just allowing malware to access a healthcare clinic’s data can cost $350,000 if 1,000 records are exposed.

Costs are high for PII data because it’s protected by laws that can include substantial fines. These fines are imposed if the authorities, the breach insurance company, and the record holders are not notified within days of the occurrence. Complicating matters, each state’s rules are different (e.g., some states require notification within five days where others provide more time). But the EU is the worst with GDPR promising up to 20M Euro fines if their citizens’ data is inappropriately accessed and the right systems are not in place to notify the authorities within 72 hours.


What can you do?

The best plan is to have a system in place that can provide the detailed information that tells you exactly what data was exposed. The best way is to capture the actual transfers. Authorities love this as it provides rock-solid evidence of exactly what happened – down to which records were accessed. Unfortunately, you can’t get this type of information from SIEMs or other expensive approaches – they may indicate what happened, but then it takes an incident response team days, weeks, or even longer to say what happened. Even then, it’s often just a best guess.

Are there systems out there that provide a simple way to review the data of such conversations and not break the bank or require a full-blown SOC team. The answer is yes! Find out more at

The sad truth? If WannaCry makes companies think more about protecting their data, we will all be better off.

Tags: cyber attack, data breach, cybersecurity, ransomware, Malware