A highly anticipated judgment has been passed down from the High Court, allowing for service via Non-Fungible Token (NFT) on a defendant as the sole means of service. Osbourne v Persons Unknown & Ors  EWHC 340 (KB) concerns Ms. Lavinia Osbourne, who sought to restrict the movement of two NFTs, which were misappropriated from her cryptoasset wallet in 2022. In the judgment, Mr Healy-Pratt (sitting as a Deputy High Court Judge) expanded on the comments made by Lavender J in his January 2023 judgment relating to the same case.
In this digital age, the data held by an organisation can be one of its most important commodities. Threat actors (also known as malicious actors) recognise this and as such, cyberattacks have been on the rise. In particular, ransomware attacks have increased in frequency – studies have found that more than three-quarters of UK businesses were affected by ransomware in 2021. This is to be expected, not least because an organisation can still experience significant disruption, even where it is not the target of a ransomware incident (for example, it could be that an organisation further up or down the supply chain may have been affected).
So what should a company do when their data is being held captive? Should they submit to the demands of the threat actor and simply pay? Or should they refuse to back down, on moral grounds (amongst other things)?