Solicitors are being urged to help keep UK businesses secure by discouraging payments to ransomware criminals.
In a joint letter, the National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) have asked the Law Society to remind its members of their advice on ransomware and emphasise that paying a ransom will not keep data safe or be viewed by the ICO as a mitigation in regulatory action.
In their letter, the NCSC – which is a part of GCHQ – and the ICO state that they have seen evidence of a rise in ransomware payments, and that in some cases solicitors may have been advising clients to pay, in the belief that it will keep data safe or lead to a lower penalty from the ICO.
The two organisations ask the Law Society to clarify to its members that this is not that case, and that they do not encourage or condone paying ransoms, which can further incentivise criminals and will not guarantee that files are returned.
Ransomware involves the encrypting of an organisation’s files by cyber criminals, who demand money in exchange for providing access to them. These attacks are becoming more sophisticated and damaging and the UK Government is working with partners across the board to mitigate the threat. With this in mind, in December 2021 the National Cyber Strategy was launched to provide £2.6bn of new investment and strengthen the UK’s role as a responsible cyber power.
Tackling cyber crime, in particular ransomware, is at the heart of the strategy which aims at increasing capability of law enforcement partners so they can better respond to cyber attacks. For instance, the National Cyber Crime Unit (NCCU) within the National Crime Agency (NCA) was created to bring together law enforcement experts into a single elite unit. There is also an established network of regional cyber crime units (ROCUs) to provide access to specialist capabilities across the country.
“Ransomware remains the biggest online threat to the UK and we do not encourage or condone paying ransom demands to criminal organisations,” said NCSC CEO Lindy Cameron “Unfortunately we have seen a recent rise in payments to ransomware criminals and the legal sector has a vital role to play in helping reverse that trend. Cyber security is a collective effort and we urge the legal sector to work with us as we continue our efforts to fight ransomware and keep the UK safe online.”
Cybersecurity will be one of the big themes of the following live face to face event in San Jose this September: