British Government Will Ban Payment For Ransom Attacks 

Businesses in the UK are set to be protected by a new ransomware ban to tackle the threat of cyber crime, which is estimated to cost the UK economy billions of pounds every year.

The proposed legislation follows a series of serious ransomware attacks on the National Health Service (NHS), the British Library and the Royal Mail, which have caused severe disruption and cost millions in recovery costs.

The intention is to make public sector and infrastructure organisations less appealing as targets for ransomware gangs.

Ransomware is malicious software which infects a victim’s computer and demands a ransom from them in order to give them back access to their system, for their data to be restored, and often for the hackers not to publish the victim’s data on the web.

Aiming to undermine the cyber criminal business model and protect UK businesses by deterring threats, proposals include banning all public sector bodies and critical national infrastructure, including the NHS, local councils, and schools, from making ransomware payments, in order to make them unattractive targets for criminals. This is an expansion of the current ban on payments by government departments.

In a crackdown on such cyber attacks, operators of critical national infrastructure will be barred from bowing to demands when criminal gangs hold IT systems hostage. Payouts by private companies will have to be reported to the government and could be blocked if they are made to sanctioned groups or foreign states. Reporting ransomware attacks will also be made mandatory if the proposals become law.

The ban will also apply to critical national infrastructure such as energy and transport networks. Government departments are already banned from paying ransomware gangs.

The proposals also include a new payment prevention regime, under which victims not covered by the ban will be required to report their intention to pay to the government. The payment will then be assessed, and the government will have the power to block it.

These measures appear to have widespread industry support. According to Mike Kiser, Director of Strategy & Standards at SailPoint, “Ransom payments should be banned: increasing payouts mean a corresponding rise in malicious activity. However, as soon as laws are passed to ban ransom payments, an underground market is likely to arrive – resulting in a hidden economic system. Who is then held responsible for violating laws - is it the corporate entity or the fault of the security executive? The time for action to mitigate the rise of ransomware is now. But as with so many other elements of life, prevention is better than cure.”

The technology exists to protect these government organisations, but many NHS trusts and councils are still using older IT infrastructures that are typically more vulnerable to attack. Simon Jelley, VP and GM Data Protection at Arctera, commented, “This new no-pay mandate will need to come with a strong wraparound package of guidance and financial support to ensure that government organisations have expertise and tools to simply achieve true resilience.”

Paying ransom is officially discouraged by UK authorities but is not illegal, depending on who is being paid. However, it has been illegal for some time to pay a ransom if the victim suspects that the proceeds are going to a terrorist organisation.

Gov.UK   |   NCSC   |    Guardian   |    ITPro   |     Intelligent CISO   |   Holyrood   |    Computer Weekly    

Image: XtockImages
