1) Has your police authority had any data held to ransom by so-called “ransomware” cyber attacks such as Cryptolocker or similar?
2) If so, what was the specific nature of the attack? (Name of threat, data targeted)
3) Have any funds been paid to retrieve the data – i.e has the ransom been paid?
4) If so, how much has been spent on paying ransoms?
Please provide relevant background on each case — including, but not limited to, the data affected, the dates on which the attacks occurred, and the sum paid in each individual case.
Please send details of ransom attacks where the amount was not paid, also.
I am writing to inform you that we have searched our records and there is no information recorded by West Midlands Police.
Additionally, the West Midlands Police can neither confirm nor deny that it holds any other information relevant to this request, as the duty in Section 1(1)(a) of the Freedom of Information Act 2000 does not apply by virtue of the following exemptions
Section 23 (5) Information supplied by, or concerning, certain Security Bodies
Section 23 is a class based absolute exemption and there is no requirement to consider the public interest in this case. Confirming or denying the existence of whether information is held would contravene the constrictions laid out with Section 23 of the Freedom of Information Act 2000 in that this stipulates a generic bar on disclosure of any information applied by, or concerning, certain Security Bodies.