top of page

Solicitors and law firms urged to help prevent the upward spike in ransomware payments

In July this year, the NCSC and ICO shared a joint letter with the Law Society after increases in ransomware payments. The EMCRC want to bolster this message with our free membership package.

Solicitors are being asked to help keep the UK safe online by combating an increase in payments made to ransomware criminals.

The National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) asked the Law Society in a joint letter to remind its members of their advice on ransomware and emphasise that paying a ransom will not keep data safe or be viewed as a mitigation in regulatory action by the ICO.

The NCSC, which is part of GCHQ, and the ICO state in their letter that they have seen evidence of an increase in ransomware payments, and that in some cases, solicitors may have advised clients to pay in the belief that it will keep data safe or result in a lower penalty from the ICO.

The two organisations request that the Law Society inform its members that this is not the case, and that they do not encourage or condone paying ransoms, which can incentivise criminals and do not guarantee that files are returned.

Ransomware involves cyber criminals encrypting an organisation's files and demanding money in exchange for access to them. These attacks are becoming more sophisticated and damaging, and the UK government is collaborating with partners from all sectors to reduce the threat.

With this in mind, the National Cyber Strategy was launched a year ago (Dec 2021) to provide £2.6 billion in new investment and strengthen the UK's role as a responsible cyber power.

Our aim, from a regional point of view, is to help as many East Midlands law firms as possible with their cyber security.

Detective Inspector Colin Ellis, the Police Delivery Lead for the East Midlands Cyber Resilience Centre, said:

"Paying a ransom to criminals - once a ransomware attack has hit your company - is not a guarantee of business continuity, nor will it completely undo damage to finances and reputation.
"What it will guarantee is the continued threat of further attacks against your own organisation and others. The criminal actors behind these organised and sophisticated campaigns will continually evolve and adapt their methods; funding them by paying ransoms merely enables them to do this and encourages them to continue.
"The onus is on every business sector including the legal sector to better protect themselves against these attacks. Taking pre-emptive action and ensuring your organisation has cyber security measures in place is the most effective way to combat these criminals.
"The Cyber Resilience Centres are a national innovation set up to help guide your organisation and assist with safeguarding your own business's finances and reputation against cybercrime in all its forms. Sign up as a free member to find out more."

Combating cybercrime, particularly ransomware, is central to the national strategy as well as the CRC strategy, by way of aiming to improve law enforcement partners' ability to respond to cyberattacks.

NCSC CEO Lindy Cameron said:

“Ransomware remains the biggest online threat to the UK and we do not encourage or condone paying ransom demands to criminal organisations.
“Unfortunately, we have seen a recent rise in payments to ransomware criminals and the legal sector has a vital role to play in helping reverse that trend.
“Cyber security is a collective effort, and we urge the legal sector to work with us as we continue our efforts to fight ransomware and keep the UK safe online.”

John Edwards, UK Information Commissioner, added:

“Engaging with cyber criminals and paying ransoms only incentivises other criminals and will not guarantee that compromised files are released. It certainly does not reduce the scale or type of enforcement action from the ICO or the risk to individuals affected by an attack.
“We’ve seen cybercrime costing UK firms billions over the last five years. The response to that must be vigilance, good cyber hygiene, including keeping appropriate back up files, and proper staff training to identify and stop attacks. Organisations will get more credit from those arrangements than by paying off the criminals.
“I want to work with the legal profession and NCSC to ensure that companies understand how we will consider cases and how they can take practical steps to safeguard themselves in a way that we will recognise in our response should the worst happen.”

In the event of a ransomware attack or other cybercrime, organisations should report any ongoing incidents to Action Fraud (on 0300 123 2040, which is available 24 hours a day, 7 days a week), the Information Commissioner's Office (for data breaches under GDPR), or the NCSC for any major cyber incidents.

Then, law enforcement will be able to lessen the impact of the attack and secure evidence that will aid in an investigation.

The ICO will recognise when organisations have taken steps to fully understand what happened and learn from it, and when, where appropriate, they have raised their incident with the NCSC and can demonstrate compliance with appropriate NCSC guidance and support.

The NCSC provides extensive advice on mitigating the ransomware threat, such as advising businesses to keep offline backups. All of its advice is available on its ransomware pages. On its website, the ICO recently updated its ransomware guidance.

In the new year, we will write to as many East Midlands law firms as possible to offer our basic free membership, simply as a way of letting them know that guidance, knowhow and assistance in the event of an attack is available from their local CRC and/or police force.

For further information on our free membership - or if you have any queries after reading this article - please don't hesitate to contact us.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page