The United Kingdom’s government has initiated plans to prohibit public sector and critical infrastructure organizations from making ransom payments following ransomware attacks, aiming to disrupt the financial incentives that bolster cybercriminal activities. This proposed legislation would apply to local councils, schools, and the nationally funded National Health Service (NHS).
According to the government, ransomware inflicts substantial financial losses on the UK’s economy, with recent high-profile incidents underscoring the significant operational and financial risks involved. In a statement, the government emphasized that the ban targets the business model that enables the operations of ransomware groups, making vital public services less appealing targets.
Security Minister Dan Jarvis expressed the government’s determination to dismantle the cybercriminal business model and safeguard critical services. “By working in partnership with industry to advance these measures, we are sending a clear signal that the UK is united in the fight against ransomware,” he stated.
For private entities not covered by the proposed ban, businesses would be compelled to inform the government prior to making any ransom payments, seeking advice on potential violations of sanctions laws regarding cybercriminal groups, many of which are believed to be based in Russia. Additionally, a mandatory reporting system is being formulated to facilitate cooperation with law enforcement in tracking down attackers and aiding victims.
This announcement comes after a January public consultation regarding ransomware, which suggested a targeted ban on payments for all public sector bodies and critical national infrastructure. Ransomware is recognized as a significant cybercrime threat in the UK, with both the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) identifying it as a national security risk.
In recent years, a number of prominent UK organizations, including the NHS and the British Library, have fallen victim to ransomware attacks. More recently, Marks & Spencer was compromised in an April attack using a DragonForce encryptor, leading to the suspension of online orders and significant disruptions across its 1,400 stores.
Other firms, including the Co-op, have also faced cyber incidents, with the Co-op confirming data theft from numerous members, while Harrods reported attempted breaches that resulted in restricted internet access to some sites.