Advice comes as cost of cybercrime ‘increases’

UK NCSC and ICO urge legal sector to discourage ransomware payments

The UK’s National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) have released a joint letter urging the legal industry not to pay ransomware demands.

The letter (PDF) was released following an increase in the number of ransomware payments as tracked by both organizations and a growing suspicion that solicitors are advising their clients to give in to extortionate demands.

“In their letter, the NCSC – which is a part of GCHQ – and the ICO state that they have seen evidence of a rise in ransomware payments, and that in some cases solicitors may have been advising clients to pay, in the belief that it will keep data safe or lead to a lower penalty from the ICO,” it reads.

“The two organizations ask the Law Society to clarify to its members that this is not that case, and that they do not encourage or condone paying ransoms, which can further incentivise criminals and will not guarantee that files are returned.”

Billion-pound industry

The statement claims that the cost of cybercrime is “in the billions”, citing figures from the Economic and Social Costs of Crime report that estimated there was an overall cost of £1.1bn ($1.19bn) from computer misuse incidents against individuals in England and Wales in the 2015/16 financial year.

Signed by John Edwards, UK information officer at the ICO, and Lindy Cameron, CEO at the NCSC, the letter also encourages those working in the legal industry to work together with the two bodies to “collaborate further” in issues surrounding cybercrime.


Read more of the latest ransomware news


Cameron said: “Ransomware remains the biggest online threat to the UK and we do not encourage or condone paying ransom demands to criminal organisations.

“Unfortunately we have seen a recent rise in payments to ransomware criminals and the legal sector has a vital role to play in helping reverse that trend.

“Cyber security is a collective effort and we urge the legal sector to work with us as we continue our efforts to fight ransomware and keep the UK safe online.”

Edwards commented: “We’ve seen cybercrime costing UK firms billions over the last five years. The response to that must be vigilance, good cyber hygiene, including keeping appropriate back up files, and proper staff training to identify and stop attacks.”

He added: “I want to work with the legal profession and NCSC to ensure that companies understand how we will consider cases and how they can take practical steps to safeguard themselves in a way that we will recognise in our response should the worst happen.”


YOU MAY ALSO LIKE SMEs slow to adopt MFA – study