Recently the National Cyber Security Centre (NCSC) and the Information Commissioners Office (ICO) published a joint letter, addressed to the Law Society. The document contains a request for   solicitors to stop advising clients to pay ransoms. 

The idea of the letter is quite simple – if malicious actors don’t get, what they want, they aren’t motivated to continue their illegal practice.

This position is supported with three major ideas – paying ransom won’t keep data safe, as there are simply no guarantees; paying ransom won’t reduce sanctions, imposed from the ICO; the threat  to  victims won’t be eliminated as well.

Against the background of the letter publishing, this is a rise in ransomware payments. Previously solicitors advised clients to pay, because in their opinion this measure ensured data safety or lower   penalties  from the ICO.

The ransomware payment is a controversial issue. In order to avoid this tricky and desperate situation, development of well-protected and highly efficient security system is required. Each organization   should  focus on employee trainings; increasing the level of staff’s information security literacy; implementation of advanced software tools, aimed at protection against internal and external intruders;  coordination of  work between information security officers and organizations’ top-managers.