Cyber security and data watchdogs ask lawyers to help stop ransomware payments

15 July 2022, 11:13

A laptop screen showing a computer virus warning
Computer virus stock. Picture: PA

The NCSC and ICO have written to the Law Society, asking it to remind its members that the firms do not condone paying ransomware demands.

Solicitors have been asked by the UK’s cyber security agency and data protection watchdog to not encourage clients to pay ransomware demands.

The National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) said they are concerned by a recent rise in ransomware payments – where victims of cyber attacks pay a fee in the hope that their data will be released back to them.

The two organisations have written to the Law Society to ask it to remind members of their official cybersecurity guidance, which is that paying a ransom will not keep data safe or be viewed by the ICO as a mitigation in regulatory action.

The NCSC and ICO said they believe that in some cases solicitors may have advised clients to pay a ransom in the belief that it would ensure any affected data was safe or that it could lead to a lower penalty from the data regulator – both of which are not the case.

The watchdogs said they do not encourage or condone paying ransoms because they can further incentivise criminals and do not guarantee that files are returned.

Ransomware is a type of cyber attack that involves criminals gaining access to an organisation or individual’s files and encrypting them before demanding money in exchange for their return.

NCSC chief executive Lindy Cameron said: “Ransomware remains the biggest online threat to the UK and we do not encourage or condone paying ransom demands to criminal organisations.

“Unfortunately we have seen a recent rise in payments to ransomware criminals and the legal sector has a vital role to play in helping reverse that trend.

“Cyber security is a collective effort and we urge the legal sector to work with us as we continue our efforts to fight ransomware and keep the UK safe online.”

The two firms said if an organisation is hit by a cyber attack it should report any ongoing incident to Action Fraud and the ICO and NCSC as appropriate, with law enforcement then able to mitigate the impact of the attack.

Information Commissioner John Edwards said: “Engaging with cyber criminals and paying ransoms only incentivises other criminals and will not guarantee that compromised files are released.

“It certainly does not reduce the scale or type of enforcement action from the ICO or the risk to individuals affected by an attack.

“We’ve seen cyber crime costing UK firms billions over the last five years. The response to that must be vigilance, good cyber hygiene, including keeping appropriate back-up files, and proper staff training to identify and stop attacks. Organisations will get more credit from those arrangements than by paying off the criminals.

“I want to work with the legal profession and NCSC to ensure that companies understand how we will consider cases and how they can take practical steps to safeguard themselves in a way that we will recognise in our response should the worst happen.”

By Press Association

More Technology News

See more More Technology News

Microsoft surface tablets

Microsoft outage still causing ‘lingering issues’ with email

The Google logon on the screen of a smartphone

Google faces £7 billion legal claim over search engine advertising

Hands on a laptop

Estimated 7m UK adults own cryptoassets, says FCA

A teenager uses his mobile phone to access social media,

Social media users ‘won’t be forced to share personal details after child ban’

Google Antitrust Remedies

US regulators seek to break up Google and force Chrome sale

Jim Chalmers gestures

Australian government rejects Musk’s claim it plans to control internet access

Graphs showing outages across Microsoft

Microsoft outage hits Teams and Outlook users

A person holds an iphone showing the app for Google chrome search engine

Apple and Google ‘should face investigation over mobile browser duopoly’

UK unveils AI cyber defence lab to combat Russian threats, as minister pledges unwavering support for Ukraine

British spies to ramp up fight against Russian cyber threats with launch of cutting-edge AI research unit

Pat McFadden

UK spies to counter Russian cyber warfare threat with new AI security lab

Openreach van

Upgrade to Openreach ultrafast full fibre broadband ‘could deliver £66bn boost’

Laptop with a virus warning on the screen

Nato countries are in a ‘hidden cyber war’ with Russia, says Liz Kendall

Pat McFadden

Russia prepared to launch cyber attacks on UK, minister to warn

A Google icon on a smartphone

Firms can use AI to help offset Budget tax hikes, says Google UK boss

Icons of social media apps, including Facebook, Instagram, YouTube and WhatsApp, are displayed on a mobile phone screen

Growing social media app vows to shake up ‘toxic’ status quo

Will Guyatt questions who is responsible for the safety of children online

Are Zuckerberg and Musk responsible for looking after my kids online?