The Lawyer’s Daily quotes Ottawa/Toronto and Calgary lawyers Clifford Sosnow and Darren Reed in an article on ransomware cyberattacks.
There is no law on the books in Canada which says “thou shalt not make a ransom payment ever,” but Fasken counsel Clifford Sosnow noted there are “layers upon layers” of laws that a person must take into account before pulling the trigger on making a payment, such as trying to determine whether the money will be used to fund terrorist groups or be sent to a country which is facing Canadian sanctions.
Sosnow’s colleague Darren Reed said from a legal perspective what he tries to do after a ransom incident is quickly get the right technical support in place and getting the right information to get an assessment of what has been taken and whether a ransom should be paid. But he added one thing he does not do is make a recommendation on whether to pay or not to pay.