UK cracks down on ransomware payments with new public sector ban

The UK government has announced plans to ban public sector organisations from making ransomware payments to cyber criminals, while private companies will be required to notify the relevant authorities if they intend to comply with such demands.

 

In a press release on July 22, Home Office Security Minister Dan Jarvis announced that public organisations, including hospitals, businesses, critical services, schools, local councils and the NHS, would be banned from paying ransom demands to hackers who infiltrate networks, steal confidential data, and encrypt critical systems with malware.

 

“Ransomware is estimated to cost the UK economy millions of pounds each year, with recent high-profile ransomware attacks highlighting the severe operational, financial, and even life-threatening risks. 

 

“The ban would target the business model that fuels cyber criminals’ activities and makes the vital services the public rely on a less attractive target for ransomware groups,” reads the press release.

 

Organisations not covered by the ban would need to notify the government of any intention to pay a ransom. In response, the government could offer advice and support, including warning businesses if the payment might breach the law by funding sanctioned cyber criminal groups, many of which are based in Russia.

 

“Mandatory reporting is also being developed, which would equip law enforcement with essential intelligence to hunt down perpetrators and disrupt their activities, allowing for better support for victims,” the government added.

 

In a statement shared with the media, Security Minister Dan Jarvis, said, “Ransomware is a predatory crime that puts the public at risk, wrecks livelihoods and threatens the services we depend on. 

 

“That’s why we’re determined to smash the cyber criminal business model and protect the services we all rely on as we deliver our Plan for Change.

 

“By working in partnership with industry to advance these measures, we are sending a clear signal that the UK is united in the fight against ransomware,” he added.

 

NCSC Director of National Resilience Jonathon Ellison added that “these new measures help undermine the criminal ecosystem that is causing harm across our economy.

 

“Ransomware remains a serious and evolving threat, and organisations must not become complacent. All businesses should strengthen their defences using proven frameworks such as Cyber Essentials and our free Early Warning service, and be prepared to respond to incidents, recover quickly, and maintain continuity if the worst happens.”