The ICO and NCSC have joined forces in asking legal firms to advise their clients not to pay ransomware demands if they fall victim to a cyber attack.
They stress that engaging with the cyber criminals does not guarantee that compromised files are released, or protect against information being shared or sold; and it is not a mitigating factor for the ICO, or remove the need to engage with the ICO over the data breach.
This should help shape our plans, and you can read the joint ICO/NCSC letter at https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/07/ico-and-ncsc-stand-together-against-ransomware-payments-being-made/