The UK’s data protection watchdog has recently taken the unusual step of requesting businesses to stop paying ransomware demands. It comes as evidence shows that malware incidents continue to rise – and that victims are paying ransoms in the hope of recovering lost data.
The request was outlined in a joint letter from the Information Commissioner’s Office (ICO) and the National Cyber Security Centre (NCSC) sent to the Law Society (the body representing lawyers in England and Wales). It was sent because evidence suggests that corporate lawyers are advising clients to pay criminals following a ransomware infection.
The letter outlines several reasons why lawyers should back the government position on ransomware and encourage their clients not to pay ransoms.
Crime breeds crime
As the number of ransom payments has increased, so too has the rate of ransomware infection. The ICO stresses the fact that having successfully scammed one business, cybercriminals are more likely to try again. If businesses keep paying ransoms, more and more organizations are likely to be targeted.
No guarantee of success
The ICO goes on to warn that paying ransoms may not actually solve the problem. Criminals may simply keep the payment – or go on to make a second demand for even more money. This would leave the affected business in the same position, unable to access their applications and data.
Paying ransoms will not prevent regulatory punishments
Under UK data protection law, companies can be fined heavily for failing to protect certain types of data against loss or theft. The ICO/NCSC suggests that some corporate lawyers are advising their clients to pay ransoms as a way to mitigate or avoid these penalties.
However, as the letter goes on to explain, paying a ransom as a way to cover up a serious data breach will do nothing to reduce any fines that are later issued. Instead, they urge lawyers to recommend that clients follow the defined reporting processes. They also explain that the only way to mitigate penalties is to clearly document what the organization is doing to prevent similar breaches in future.
A serious challenge
A ransomware infection can be devastating for any business. Without access to data, most organizations are unable to function. It is not surprising that many corporate decision makers are tempted to meet the cybercriminals’ demands as a way to get up and running as quickly as possible.
As always, the best way to avoid falling victim to ransomware is to prevent infection in the first place and to plan what to do if systems are successfully compromised. This involves a combination of reliable backups and disaster recovery solutions that allow organizations to keep uncorrupted copies of their data. They will also need to deploy an antimalware tool like Panda Dome that can identify and block ransomware before it spreads.
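The "uncorrupted copies" point above only holds if a backup is checked before it is needed: ransomware that reaches a backup share rewrites or renames files silently, and the damage is often discovered during restore. The script below is an added example (it is not code from the original article or from Panda Security) that records a SHA-256 manifest of a backup tree and later verifies it, reporting files that were rewritten, removed, or newly added. The directory layout and file names are constructed for the demo; `build_manifest` and `verify_backup` are illustrative names, not part of any product.

```python
import hashlib
import os
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # read files in 64 KiB chunks so large backups do not load into memory


def sha256_file(path):
    """Return the hex SHA-256 of one file, streamed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every regular file under root (relative POSIX path) to its SHA-256.

    Run this right after a backup completes and store the result somewhere the
    backup host cannot write to (offline media or an immutable object store).
    """
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root, manifest):
    """Compare the current tree against a trusted manifest.

    modified: content changed (what an in-place encryption of the file looks like)
    missing:  file gone (deleted or renamed, e.g. to a '.locked' name)
    added:    file not in the manifest (ransom notes, renamed encrypted copies)
    """
    current = build_manifest(root)
    missing = sorted(set(manifest) - set(current))
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    added = sorted(set(current) - set(manifest))
    return {
        "ok": not missing and not modified,
        "missing": missing,
        "modified": modified,
        "added": added,
    }


def demo():
    """Constructed scenario: a clean backup set, then the same set after tampering."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "ledger.csv").write_text("id,amount\n1,10\n")
        (root / "docs").mkdir()
        (root / "docs" / "contract.txt").write_text("signed")

        manifest = build_manifest(root)          # taken while the copy is known good
        clean = verify_backup(root, manifest)    # expected: ok

        # Simulate what a compromised backup share looks like: one file rewritten
        # with random bytes, one file renamed to a new extension.
        (root / "ledger.csv").write_bytes(os.urandom(32))
        (root / "docs" / "contract.txt").rename(root / "docs" / "contract.txt.locked")

        tampered = verify_backup(root, manifest)  # expected: not ok
        return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean backup ok:", before["ok"])
    print("tampered backup ok:", after["ok"], after)
```

The manifest is only useful if it is kept apart from the data it describes, so write it to media the backup job itself cannot modify and run the verification from a separate host; a manifest stored next to the backup would simply be encrypted along with it.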
Cybercrime continues to be a serious challenge for businesses and individuals. But as the ICO advises, by working together we can more effectively combat crime – instead of giving in and paying the criminals.