Europe’s General Data Protection Regulation, designed to protect online privacy, has resulted in a new form of ransomware, called “Ransomhacks.” European businesses can face severe financial penalties up to 4% of their global annual sales, with a maximum fine of 20 million Euros if they are found guilty by the EU of failing to provide “adequate data security.” Hackers have been leveraging businesses’ reluctance to face the bureaucracy of the EU court system and potential fines by threatening to release stolen data unless the business pays a ransom—a new twist from encrypting data for ransom. The ransoms have ranged from $1,000 to 20,000 USD in cryptocurrency. The smaller ransom may be much more alluring than the potential fines of the EU. As always, paying the ransom comes with risks. The hacker may demand more money or release the data anyway. Businesses also face the risk of additional fines by the EU if the data leak is not reported within 72 hours. So, if caught paying the ransom, the financial impact for the business will rise substantially as well. So far, the Ransomhacks have only targeted medium and large Bulgarian companies.