NCSC and ICO issues strong warning to law firms against Ransomware payments

For the past two years, law firms have been advising all approaching clients to pay the demanded ransom to hackers to free up their data from encryption. They are also offering a guesstimate to the clients that paying a ransom in the event of ransomware attacks will turn cheaper than what they will incur in recovering data by other means.

Putting an end to all such advisory, United Kingdom’s National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) have issued a strong warning to professionals in the legal stream to stop advising their clients on bowing down to the demands of the cybercriminals.

Issuing a letter to the law society, NCSC clarified such practices will witness a rise in crime and don’t give a guarantee for the return of the decryption key. Criminal groups that are into the distribution of ransomware are found targeting the same victims twice or thrice a year, as they see them as money vending machines that can be used.

The law society reacted to the news politely and reminded its members not to involve in inaccurate practices that can put their clients at extreme risks.

John Edwards, the Information Commissioner, confirmed the news and added that he was glad to see the outright support offered by the legal society on the issue.

According to a survey conducted by Sophos, cybercrime costing billions for firms operating in the UK in the past 5 years.

Strict vigilance, educating employees to follow strict cyber hygiene, and keeping the software and hardware up to date might help in keeping the threat lurking in the current cyber landscape at bay.

NOTE- In November 2019, the Federal Bureau of Investigation issued a warning to all companies across the world to stop paying ransomware gangs. It later issued a notification to act wisely and pay the criminals if the situation demands and there is no other choice left to recover data.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display