The British Library should be applauded for its refusal to pay the cybercriminals who targeted it last year (Ransomware groups warned there is no money in attacking British state, 12 March). At the National Cyber Security Centre, which is part of GCHQ, we have long shared the view of our law enforcement partners that paying ransoms should not be condoned, encouraged or endorsed. Doing so does not guarantee a return of access to data or computers, and in fact makes it more likely that the victim will be targeted in future.
Every ransom that is paid gives criminals the message that attacks work and that it’s worth doing again. We are committed to working with our partners – including internationally through the Counter Ransomware Initiative – to make the UK the hardest possible target for ransomware attacks. But we cannot do this in isolation. By responding to its attack in the transparent way that it has, the library has set a great example. We encourage all organisations to read its instructive review.
Felicity Oswald
Interim CEO, National Cyber Security Centre
