If your plan to defeat ransomware is to pay up, then read on…

NCSC and the ICO say – Don’t pay the malware ransom.

A couple of weeks back The National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) wrote to The Law Society and The Bar Council outlining why it is better for everyone (including those infected with the ransomware) not to engage with the threat actors by paying the ransoms demanded. They wrote to these legal bodies because many organisations that decide to pay a ransom engage solicitors to facilitate the transaction. Paying a ransom is not illegal, but it can have unforeseen consequences. (Cameron & Edwards, 2022)

The open letter gives a number of very good reasons not to pay, the most surprising of which is that, in the current political climate, commercial interactions with Russian-based organisations may be covered by sanctions and could lead to a serious criminal prosecution.

However, for most businesses this is the most important reason:

“… payment incentivises further harmful behaviour by malicious actors and does not guarantee decryption of networks or return of stolen data.”

ICO July 2022

You are trying to deal with criminals, so don’t be surprised if in return for the money, they fail to decrypt your data.

It is the “incentivises further harmful behaviour” bit I am interested in. A recent report found that “it doesn’t pay to pay” a ransom demand: 80% of organizations that paid were hit by ransomware a second time, and the second time round the threat actors demanded more money. Why not – you paid once before. (Cybereason, 2022)

Malware, and particularly ransomware, getting into our businesses is something we all want to prevent, and so we invest in a variety of technical defences: firewalls, anti-virus and so on. However, how much do you invest in your people, the ones who are sent the malicious emails that carry the malware? Having a well-trained team and experienced cyber security support is an essential step in stopping ransomware at your door, so that you never have to make the decision “to pay or not to pay”.


Clive Catton MSc (Cyber Security)

References

Cameron, L. & Edwards, J. (2022). Joint ICO and NCSC Letter to The Law Society and The Bar Council. Retrieved November 30, 2022, from https://www.ncsc.gov.uk/files/Joint-ICO-and-NCSC-letter-to-The-Law-Society-and-The-Bar-Council.pdf

Cybereason Team. (2022). Report: Ransomware Attacks and the True Cost to Business 2022. Retrieved July 18, 2022, from https://www.cybereason.com/blog/report-ransomware-attacks-and-the-true-cost-to-business-2022

Further Reading

Solicitors urged to help stem the rising tide of… – NCSC.GOV.UK

ICO and NCSC stand together against ransomware payments being made | ICO