Researchers at McAfee have discovered a new “ransomware-as-a-service” tool on the darknet. This tool, named "Tox", allows criminals to automatically create ransomware. Once the victim’s device is infected, the ransomware begins to encrypt their hard drive, allowing the criminal to demand a ransom in exchange for the encryption key.
Ransomware is one of a range of cyber security threats posed to companies. Cyber extortions have taken on multiple forms, all focused on data – whether it is encrypting data and holding it hostage, stealing data and threatening exposure or denying access to data. These security breaches can carry serious implications for businesses. Aside from reputational damage, there can also be serious legal and regulatory implications for cyber security breaches. The consequences can be difficult to manage, particularly where companies are unable to demonstrate legal obligations and best practice such as:
· having appropriate security measures in place;
· having written cyber security policies in place; and
· clarifying responsibilities to employees on what to do in the event of an attack.
According to the 2015 A&L Goodbody Cyber Risk Study (one of the largest domestic cybercrime studies of its kind), less than a third of businesses across Ireland are fully prepared to deal with a cyber attack and a significant majority are not fulfilling basic legal requirements, leaving themselves open to possible litigation and fines on top of risking the loss of intellectual property and commercially sensitive information.