Cyber Incident Victim: The Ince Group plc
Date:
Mar 2022
Location:
United Kingdom
Summary
The Ince Group plc suffered a ransomware attack where hackers stole confidential data and threatened to publish it on the dark web unless a substantial ransom was paid. The firm obtained an interim injunction prohibiting the attackers from releasing the data and mandating its deletion or destruction, with the court recognizing the incident as blackmail and deeming damages inadequate for redress. The judge authorized alternative service via the hackers' communication website and approved the without-notice application due to risks that prior warning might trigger immediate data dissemination, while allowing a limited public judgment to uphold open justice principles.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 13, 2022, The Ince Group plc experienced a ransomware attack by unidentified threat actors who stole confidential data and demanded a substantial ransom. The attackers threatened to publish the stolen information on the dark web if payment was not made, prompting the law firm to seek urgent legal intervention. The High Court granted an interim injunction on the Friday following the attack, with Mr. Justice Saini presiding over the private hearing. The judge characterized the incident as "a clear blackmail case" and determined the stolen data possessed "the necessary quality of confidence" to warrant protection. Saini J authorized a prohibitory injunction to prevent dissemination, noting no public interest justification existed for releasing the material and that financial compensation would be inadequate recourse. The court maintained privacy for the proceedings to avoid compromising the protective measures sought by Ince, though the firm did not request anonymity and permitted a redacted public judgment to satisfy open justice principles.
The court additionally issued a mandatory injunction compelling the attackers to deliver up, delete, or destroy the stolen data, despite the application being heard without notice to the defendants. Saini J expressed high confidence that Ince would ultimately succeed in establishing this relief at trial, citing no foreseeable defense against data deletion requirements. Attackers were ordered to submit a witness statement confirming compliance with these mandates. The court authorized alternative service methods, permitting Ince to serve legal documents via the same dark web communication channel used by the perpetrators, recognizing practical necessity given the defendants' anonymity. Saini J justified the ex parte hearing by citing evidence of the attackers' financial motivation and the imminent risk that advance notice might trigger immediate data disclosure. This legal response established immediate barriers against data publication while initiating formal mechanisms to compel information destruction.