Armstrong Watson LLP v Person(s) Unknown

Reference: [2023] EWHC 762 (KB); [2023] 4 WLR 41

Court: King's Bench Division, Media and Communications List

Judge: Ritchie J

Date of judgment: 31 Mar 2023

Summary: Interim injunction - Ransomware attack - data breach - blackmail - breach of confidence - private hearing

Appearances: Adam Speker KC - Leading Counsel (Claimant) 

Instructing Solicitors: DAC Beachcroft LLP for the Claimant

Facts

The Claimant, a limited liability partnership of accountants and tax and business advisers, applied without notice for an interim injunction to prevent the defendant from disclosing information stolen in a ransomware attack.

Issue

  1. Whether it was appropriate to proceed without notice;
  2. Whether to hear the application in private;
  3. Whether to grant interim injunctions to restrain use and disclosure of the stolen information and requiring the Defendant to deliver up / delete / destroy the stolen information and to provide a witness statement that it has complied with the mandatory injunction;
  4. How service should be carried out;
  5. Whether service out of the jurisdiction should be permitted;
  6. The documents to be provided to the Persons Unknown and others.

Held

  1. It was appropriate to proceed without notice because the Defendant had demonstrated that it knew or should have known that its actions were of a criminal nature. The Claimant was being blackmailed and there was a real risk that notice would trigger the Defendant to disseminate the confidential information: [11]-[15];
  2. It was also necessary to hear the matter in private to allow the court to control what information came out and not to hamper the efforts being made to trace the Defendant and/or encourage others to search for the information: [16]-[19];
  3. The Claimant was entitled to a prohibitory injunction applying the American Cyanamid principles and, if it was engaged (which the judge did not consider it to be), s12(3), Human Rights Act 1998: [41]-[45]. The elements of a breach of confidence claim were met and there was no sensible basis to argue that there could be any defence. Damages would not be adequate. The Claimant was also entitled to a mandatory injunction. The Court had a high degree of assurance that the Claimant would establish at trial the relief sought: [46]-[48];
  4. Service could be carried out via the Defendant’s website or by the original email used: [29];
  5. It was proper to order service out. Loss and damage would be caused here: [26];
  6. It was proper to restrict access to documents to the Defendant unless and until they identified themselves and provided an address for service. It was also proper to restrict access to documents to certain third parties: [56]-[60].

Comment

This judgment helpfully brings together in one place a number of points relevant to ransomware cases against a threat actor, established in earlier decisions including Clarkson v Persons Unknown (14 December 2017 & 6 March 2018), PML v Persons Unknown [2018] EWHC 838 (QB), 4 New Square v Persons Unknown (28 June 2021 & 14 September 2021), Verlingue v Persons Unknown (18 March 2022) and The Ince Group plc v Person(s) Unknown [2022] EWHC 808 (QB).

Two further brief judgments have been given in this case.

On 24 April 2023, on the return date, which was dealt with on the papers, Mr Justice Linden provided brief reasons for extending the injunction: [2023] EWHC 921 (KB).

On 11 July 2023, on the Claimant’s application for default judgment, which was also dealt with on the papers, Mrs Justice Collins Rice provided reasons for granting default judgment and the relief sought: [2023] EWHC 1761 (KB).