The UK’s National Cyber Security Centre and the Information Commissioner’s Office have issued a letter to UK lawyers stating that they should not advise the payment of ransoms.
The letter said, “Law Enforcement does not encourage, endorse nor condone the payment of ransoms. While payments are not usually unlawful, payers should be mindful of how relevant sanctions regimes (particularly those related to Russia) – and their associated public guidance – may change that position.”
According to SecurityWeek, the law enforcement warning will only apply to companies with a presence in the UK – but other countries operating current sanctions against Russia might take a similar stance.
The letter continued, “For the avoidance of doubt, the ICO does not consider the payment of monies to criminals who have attacked a system as mitigating the risk to individuals and this will not reduce any penalties incurred through ICO enforcement action.”
In short, the publication adds, paying a ransom could leave a company open to charges of sanctions busting, while having no effect on any subsequent ICO enforcement.