Security News > 2022 > July > Paying ransomware crooks won’t reduce your legal risk, warns regulator
Paying money to ransomware criminals is a contentious issue.
In recent months, we have seen an increase in the number of ransomware attacks and ransom amounts being paid and we are aware that legal advisers are often retained to advise clients who have fallen victim to ransomware on how to respond and whether to pay.
Our ransomware surveys already show that paying off the crooks almost certainly won't save you money, not least because you still have to go through a recovery exercise that will take as much time as restoring in conventional ways, as well as paying the blackmail.
The ICO notes that paying ransomware demands is not automatically unlawful in the UK. If it's likely to be the only hope of saving your business and keeping your staff in their jobs, it seems fair to consider paying up as a sort of "Necessary evil".
As the ICO reminds us, paying up could still get you in trouble because of "Relevant sanctions regimes." Paying up may be a total failure.
Paying up will not reduce any data breach penalties.