British Government Will Ban Payment For Ransom Attacks
Businesses in the UK are set to be protected by a new ransomware payment ban intended to tackle the threat of cyber crime, which is estimated to cost the UK economy billions of pounds every year.
The proposed legislation follows a series of serious ransomware attacks on the National Health Service (NHS), the British Library and the Royal Mail, which caused severe disruption and cost millions in recovery costs.
The intention is to make public sector and infrastructure organisations less appealing as targets for ransomware gangs.
Ransomware is malicious software which infects a victim’s computer and demands a ransom from them in order to give them back access to their system, for their data to be restored, and often for the hackers not to publish the victim’s data on the web.
Aiming to undermine the cyber criminal business model and protect UK businesses by deterring threats, proposals include banning all public sector bodies and critical national infrastructure, including the NHS, local councils, and schools, from making ransomware payments, in order to make them unattractive targets for criminals. This is an expansion of the current ban on payments by government departments.
In a crackdown on such cyber attacks, operators of critical national infrastructure will be barred from bowing to demands when criminal gangs hold IT systems hostage. Payouts by private companies will have to be reported to the government and could be blocked if they are made to sanctioned groups or foreign states. Reporting ransomware attacks will also be made mandatory if the proposals become law.
The ban will also apply to critical national infrastructure such as energy and transport networks. Government departments are already banned from paying ransomware gangs.
The proposals also include a new payment prevention regime, under which victims not covered by the ban will be required to report their intention to pay to the government. The payment will then be assessed, and the government will have the power to block it.
These measures appear to have widespread industry support. According to Mike Kiser, Director of Strategy & Standards at SailPoint: “Ransom payments should be banned: increasing payouts mean a corresponding rise in malicious activity. However, as soon as laws are passed to ban ransom payments, an underground market is likely to arrive – resulting in a hidden economic system. Who is then held responsible for violating laws - is it the corporate entity or the fault of the security executive? The time for action to mitigate the rise of ransomware is now. But as with so many other elements of life, prevention is better than cure.”
The technology exists to protect these government organisations, but many NHS trusts and councils are still using older IT infrastructures that are typically more vulnerable to attack. Simon Jelley, VP and GM Data Protection at Arctera, commented: “This new no-pay mandate will need to come with a strong wraparound package of guidance and financial support to ensure that government organisations have expertise and tools to simply achieve true resilience.”
Paying a ransom is officially discouraged by UK authorities but is not illegal, depending on who is being paid. However, it has been illegal for some time to pay a ransom if the victim suspects that the proceeds are going to a terrorist organisation.