High Court Aids Company Facing $6.8 Million Ransomware Demand

Even the most sophisticated companies can fall victim to ransomware and online blackmail. However, as a High Court ruling showed, judges have a formidable arsenal of powers to tackle such abuse and are on duty day and night.

The case concerned a company that provides technology-led solutions for security-sensitive and highly classified projects of national significance and whose clients require the utmost discretion. It received a ransom note stating that cyber attackers had hacked into its databases and that highly confidential information would be published on the dark web unless a ransom of $6.8 million was paid.

Some of the data stolen by the hackers was protected by the Official Secrets Act 1989 as well as being extremely commercially sensitive. Individuals could, in some cases, be identified from the data, which was likely to be of interest to various categories of people with malicious intent, including hostile nation states, terrorists and organised criminal gangs.

After the company took emergency action, a judge granted an interim injunction against the hackers in the early hours of the morning. The order forbade them from using or disclosing the stolen data. Following a more formal hearing, the Court had no hesitation in awarding the company summary judgment on its breach of confidentiality claim and in making the injunction permanent.

The hackers had yet to be identified but had a history of using their own dark web platform as an instrument of blackmail. The injunction was served on them using email addresses via which they had made the ransom demand. Given the nature of the company's work, the Court was satisfied that it should be granted anonymity in the proceedings. Its claim for damages and legal costs against the hackers was adjourned but could be restored for hearing at a later date.