Ince Group granted injunction after ransomware attack

Saini: Clear blackmail case

Listed law firm The Ince Group has been granted an interim injunction to stop hackers from releasing confidential data on the dark web if it does not pay a ransom.

Mr Justice Saini made the order last Friday following a cyber-attack on 13 March, with the unknown perpetrator threatening to publish the stolen data on the dark web if the firm did not pay a “substantial ransom”.

It was, he said, “a clear blackmail case”. He did not outline what was stolen but said he was satisfied the information has “the necessary quality of confidence”.

The firm was entitled to a prohibitory injunction, the judge continued. “There does not seem to be any sensible basis to argue that there could be any public interest of the publication of the material; and this is a clear case where damages would not be adequate.”

“Less straightforward” was Ince’s request for an injunction requiring the defendant to deliver up, delete and/or destroy the information, given that it was a without-notice hearing.

But Saini J concluded that a mandatory injunction was necessary. “I have a high degree of assurance that the claimant firm will be able to establish at trial the relief which it seeks on a mandatory basis at this stage. I can see no basis for the defendant to be able to resist relief requiring delivery up and/or deletion and/or destruction.

“The defendant should also be required to provide a witness statement confirming that it has complied with mandatory aspects of the relief.”

The court authorised alternative service as well. “It seems to me that there is ample justification for the claimant to be able to serve the defendant via the website through which the claimant has been communicating with the defendant.”

The hearing was held in private, with the judge observing that to have it in public “would defeat the interests” the firm was seeking to protect. A public judgment restricted to the facts necessary to explain the reason for the order would satisfy open justice requirements, he went on; Ince did not seek anonymity.

Saini J also agreed it was appropriate that the application was made without notice.

“It is clear on the current evidence that the defendant is motivated by money and has threatened to damage the claimant by a form of blackmail, and there is a real risk that notice will trigger the defendant to disseminate the confidential information which is the subject of the claim.”

Leave a Comment

By clicking Submit you consent to Legal Futures storing your personal data and confirm you have read our Privacy Policy and section 5 of our Terms & Conditions which deals with user-generated content. All comments will be moderated before posting.

Required fields are marked *
Email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Keeping the conversation going beyond Pride Month

As I reflect on all the celebrations of Pride Month 2024, I ask myself why there remains hesitancy amongst LGBTQ+ staff members about when it comes to being open about their identity in the workplace.

Third-party managed accounts: Your key questions answered

The Solicitors Regulation Authority has given strong indications that it is headed towards greater restrictions on law firms when it comes to handling client money.

Understanding vicarious trauma in the legal workplace

Vicarious trauma can happen to anyone who works with clients who have experienced trauma such as domestic or other violence, child abuse, sexual assault, torture or being a refugee.

Loading animation