Ransomware gang manipulates Microsoft certificates to bypass cyber security
Ransomware gang manipulates Microsoft certificates to bypass cyber security
In December last year, the United States Cybersecurity & Infrastructure Security Agency and FBI revealed that the malware group “Cuba” manipulated Microsoft certificates to bypass security protocols and deploy ransomware software.
The group, which is believed to be based in Russia, used Microsoft partner accounts to gain certification for their software, which effectively labels their ransomware as safe. This typically prevents the invasive tech from being detected by security measures. Once the software penetrates a system or computer, it usually deploys ransomware, which steals data and encrypts it. The data is then ransomed back to the owners. On average, malware attacks cost an organisation $1.85 million.
Data breaches are becoming increasingly common. Even the largest companies in the world, such as Facebook, Instagram, and British Airways, aren’t immune from hackers or even human error, resulting in lost records, emotional distress, and financial losses.
The security company, Sophos, detected the compromised software that had falsely received certification. According to the company, Cuba has used this tactic before, using compromised certificates from a Chinese tech firm to install malware into other computer systems.
In response, Microsoft launched a security update and revoked the certificates.
As data breaches and hacks become increasingly sophisticated, the threat they pose balloons. The World Economic Forum ranked data breaches as one of the leading threats against humanity, alongside climate change and weapons of mass destruction.
Is my data protected by the law?
The General Data Protection Regulation (GDPR) protects your private information across Europe. It acts on the premise of privacy as default, making it one of the strongest pieces of data protection legislation in the world.
In the UK, the GDPR is implemented by the Data Protection Act 2018. There are seven principles in the act, including:
- limited use of data
- minimisation
- accountability
Under the legislation, any information that is personally identifying is protected. This includes your name, email address, bank details, and date of birth.
The consequences of a data breach can range from relatively mild to life-altering. If you have suffered a financial loss or endured emotional distress, you may be entitled to compensation from the organisation responsible.
If an organisation is found to have breached data protection laws, it can receive a fine from the Information Commissioner’s Office (ICO).
How can I apply for compensation?
To be successful in a data breach claim, you need to speak to a solicitor who can help you to gather all the evidence you need. They can handle all communications on your behalf and ensure you get the maximum amount of compensation.
All too often, we see people receive much less than they are owed as organisations dodge liability. If an individual or company hasn’t taken enough care to ensure the safety of your private data, then they owe you compensation to help you rectify any issues caused.
HNK Solicitors can help you with your data breach claim
Data breach claims can be time-consuming and mentally draining to go through — unless you have the help of an expert solicitor, specially trained to make your compensation claim as quick and easy as possible. We can handle all the paperwork and make sure your claim is successful.
We operate on a no-win, no-fee basis, so until you receive your compensation, there isn’t a penny to pay.
To get started on your claim today fill in our online claim form, give us a call on 0151 668 0816, or email us at enquiries@hnksolicitors.com, and a member of our team will be in touch.