In a recently-published joint letter to the Law Society and Bar Council, the UK’s Information Commissioner’s Office (ICO) and National Cyber Security Centre (NCSC) has urged lawyers not to make ransomware payments on behalf of clients disrupted by attacks.

The letter addresses the role of the legal profession in supporting a safer UK online. It asks the organizations for “assistance in sharing some key messages with the legal profession in England and Wales to assist them in better advising their clients who may have suffered a cybersecurity incident.”

The letter makes a series of important points, including: “It has been suggested to us that a belief persists that payment of a ransom may protect the stolen data and/or result in a lower penalty by the ICO should it undertake an investigation. We would like to be clear that this is not the case.”

Making their joint position on the payment of ransomware demands clear, the letter states: “For the avoidance of doubt the ICO does not consider the payment of monies to criminals who have attacked a system as mitigating the risk to individuals and this will not reduce any penalties incurred through ICO enforcement action.”

The motivation for the letter comes from what is described as “an increase in the number of ransomware attacks and ransom amounts being paid.” It points out that “while payments are not usually unlawful”, the ICO and NCSC are “aware that legal advisers are often retained to advise clients who have fallen victim to ransomware on how to respond and whether to pay.”

Proactive prevention against ransomware

Before the choice of whether to pay a ransomware demand needs to be made, organizations should also be focusing on building an effective, proactive approach to preventing attacks from succeeding. Attackers often rely on a window of opportunity where new vulnerabilities, such as those exploited in the distribution of files and documents containing ransomware, can remain active and undetected for up to 18 days until antivirus and sandboxing technologies are updated to mitigate the risk or software fixes emerge.

Glasswall takes a proactive approach to file-based threats – our Zero-Trust CDR (Content Disarm and Reconstruction) technology identifies and removes risky, file-based threats from all files in moments – minimizing downtime and disruption often caused by traditional antivirus or sandboxing solutions.

Glasswall’s approach proactively and instantaneously rebuilds files to a “known good” standard. Customers benefit from safe, clean files that have been rebuilt to the manufacturer’s published specification, removing any places for malware to hide.

The impact is dramatic and helps to restore trust across every stakeholder that their files are free from malware threats, irrespective of where they may be in the supply chain. The process requires no blocking, no patching, and with no false positives to hold back important documents, delivering only safe, secure and trusted files.

As a result, every file sent or received – via email or the cloud – can be treated with confidence by organizations fully protected from file-based ransomware attacks.

To learn more about how Glaswall helps prevent ransomware attacks, book a demo with our team.

‍