Ransomware: to pay or not to pay?

With ransomware posing the most significant cyber threat in the United Kingdom, hundreds of businesses each year face the dilemma of how to respond to a raid on their valuable data. After seeing increasing numbers of ransoms disbursed, the Information Commissioner's Office and National Cyber Security Centre have stepped in with a joint letter to the legal profession to discourage such payments. Rhiannon Webster and Will Chalk of Ashurst report on the guidance along with requirements under the law.

Rhiannon Webster (+44 20 7859 3070, rhiannon.webster@ashurst.com) is Partner and Head of UK Data Privacy and Cybersecurity Practice while Will Chalk (+44 20 7859 3066, will.chalk@ashurst.com) is Partner, Corporate Transactions at Ashurst. With assistance from John Macpherson (+61 2 9258 6479, john.macpherson@ashurst.com), who is Head of Cybersecurity, Ashurst Risk Advisory; Rob Hanley (+61 2 9258 6160, robert.hanley@ashurst.com), Partner, Legal Governance Advisory; Ross Denton (+44 20 7859 3065, ross.denton@ashurst.com), Consultant, Head of International Trade;andRenée Green (+44 20 7859 3164; renee.green@ashurst.com), Global Expertise Counsel, Cyber and Data Risk.

With ransomware posing the most significant cyber threat in the United Kingdom [1], hundreds of businesses each year face the dilemma of how to respond to a raid on their valuable data. After seeing increasing numbers of ransoms disbursed, the Information Commissioner's Office and National Cyber Security Centre have stepped in with a joint letter to the legal profession to discourage such payments. Rhiannon Webster and Will Chalk of Ashurst report on the guidance along with requirements under the law.