
Cyber security and data watchdogs ask lawyers to help stop ransomware payments

The UK’s cyber security agency and data protection watchdog have asked solicitors to not encourage clients to pay ransomware demands (Peter Byrne/PA)

Solicitors have been asked by the UK’s cyber security agency and data protection watchdog to not encourage clients to pay ransomware demands.

The National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) said they are concerned by a recent rise in ransomware payments – where victims of cyber attacks pay a fee in the hope that their data will be released back to them.

The two organisations have written to the Law Society to ask it to remind members of their official cybersecurity guidance, which is that paying a ransom will not keep data safe or be viewed by the ICO as a mitigation in regulatory action.

The NCSC and ICO said they believe that in some cases solicitors may have advised clients to pay a ransom in the belief that it would ensure any affected data was safe or that it could lead to a lower penalty from the data regulator, neither of which is the case.

The watchdogs said they do not encourage or condone paying ransoms because they can further incentivise criminals and do not guarantee that files are returned.

Ransomware is a type of cyber attack that involves criminals gaining access to an organisation or individual’s files and encrypting them before demanding money in exchange for their return.

NCSC chief executive Lindy Cameron said: “Ransomware remains the biggest online threat to the UK and we do not encourage or condone paying ransom demands to criminal organisations.

“Unfortunately we have seen a recent rise in payments to ransomware criminals and the legal sector has a vital role to play in helping reverse that trend.

“Cyber security is a collective effort and we urge the legal sector to work with us as we continue our efforts to fight ransomware and keep the UK safe online.”

The two organisations said that if an organisation is hit by a cyber attack it should report any ongoing incident to Action Fraud and the ICO and NCSC as appropriate, with law enforcement then able to mitigate the impact of the attack.

Information Commissioner John Edwards said: “Engaging with cyber criminals and paying ransoms only incentivises other criminals and will not guarantee that compromised files are released.

“It certainly does not reduce the scale or type of enforcement action from the ICO or the risk to individuals affected by an attack.

“We’ve seen cyber crime costing UK firms billions over the last five years. The response to that must be vigilance, good cyber hygiene, including keeping appropriate back-up files, and proper staff training to identify and stop attacks. Organisations will get more credit from those arrangements than by paying off the criminals.

“I want to work with the legal profession and NCSC to ensure that companies understand how we will consider cases and how they can take practical steps to safeguard themselves in a way that we will recognise in our response should the worst happen.”