UK solicitors told to stop ‘encouraging cyber blackmail’

A letter to the Law Society of England and Wales and the Bar Council, from the UK-based National Cyber Security Centre, has warned the legal professional bodies about “the role of solicitors paying off cyber blackmailers”.

Nastasha Tupas, 15 July 2022, Big Law
Editor’s note: This story originally appeared on Lawyers Weekly’s sister brand, Cyber Security Connect.

In a joint letter addressed to the Law Society and the Bar Council in the United Kingdom, the British government’s Information Commissioner’s Office (ICO) and National Cyber Security Centre (NCSC) have warned practitioners and firms to steer clear of “paying off cyber blackmailers”.

“We do not advise members to pay ransoms, nor suggest that is what they should advise their clients,” a Law Society spokesperson said.

The NCSC and the ICO’s concerted warning to “UK legal professional bodies about so-called ransomware” attacks is an unprecedented piece of correspondence, which asks the Law Society and the Bar Council to remind members that “payouts” are far from best practice.

Lindy Cameron, the NCSC’s chief executive, has described ransomware attacks as “the biggest online threat to the UK” and has made it clear that the NCSC does “not encourage or condone paying ransom demands to criminal organisations”.

The NCSC and the ICO’s letter was prompted by data on the rise in ransomware payments, “suggesting that solicitors may have advised clients to pay”, based on a “belief it will keep data safe or lead to a lower penalty from the ICO”.

Engaging with cyber criminals and paying ransoms only incentivise other criminals, according to John Edwards, UK information commissioner, who told the Law Society Gazette that there is no guarantee that compromised files would be released.

“I want to work with the legal profession and NCSC to ensure that companies understand how we will consider cases and how they can take practical steps to safeguard themselves in a way that we will recognise in our response should the worst happen,” commissioner Edwards said.

“It certainly does not reduce the scale or type of enforcement action from the ICO or the risk to individuals affected by an attack.”

Ransomware attacks usually occur via hacking and encryption of an organisation’s IT systems or data. Cyber actors will likely demand payment, typically in cryptocurrency. Increasingly, this type of cyber attack has been associated with foreign government agencies.

The Law Society has agreed to comply with the NCSC and ICO’s advice and has confirmed that it will accommodate it.

“We welcome the offer to meet to discuss future collaboration with both the ICO and NCSC and are keen to play our part in helping combat ransomware criminals,” the Law Society stated.

The NCSC and ICO have advised organisations to report ransomware attacks to the Information Commissioner’s Office (for data breaches), or to the NCSC for major cyber incidents.