
The UK plans to ban public sector organizations from paying ransomware hackers


The UK public sector and critical infrastructure organizations could be banned from making ransom payments under new proposals from the UK government.

The UK Home Office launched a consultation on Tuesday which proposes a “targeted ban” on ransomware payments. Under the proposal, public sector bodies – including local councils, schools and NHS trusts – would be banned from making payments to ransomware hackers, which the government says will “attack at the heart of the cybercriminal business model”.

This government proposal comes after a wave of cyberattacks targeting the British public sector. The NHS last year declared a “critical” incident following a cyberattack on pathology lab provider Synnovis, which led to a massive breach of sensitive patient data and months of disruption, including canceled operations and the diversion of emergency patients. According to new data seen by Bloomberg, the cyberattack on Synnovis resulted in harm to dozens of patients, leading to long-term or permanent damage to their health in at least two cases.

The newly outlined UK government proposals would also make it a criminal offense for critical infrastructure organizations, such as companies in the energy and communications sectors, to make ransom payments in the event of a ransomware attack. British government departments are already banned from paying ransomware gangs.

The UK proposals also detail a new mandatory reporting regime for ransomware incidents, which would require victims of cyberattacks not covered by the ban to report the incident to the government. Another proposal suggests a program aimed at preventing the payment of ransoms to sanctioned entities, which the government would have the power to block.

Security Minister Dan Jarvis said: “With an estimated $1 billion flowing to ransomware criminals worldwide by 2023, it is vital that we act to protect national security as a key foundation on which the Change Plan of this government is built.

“These proposals will help us meet the scale of the ransomware threat, hit these criminal networks in their wallets and cut off the key financial pipeline they rely on to operate,” Jarvis said.

According to data shared by the Home Office on Tuesday, the UK’s National Cyber Security Centre handled 430 cyber incidents in the year ending August 2024, including 13 “nationally significant” ransomware incidents. These were carried out “largely by Russian-affiliated criminal gangs”, the Home Office said, which continue to pose an “immediate and disruptive threat” to the UK’s critical national infrastructure.

The UK’s National Crime Agency took action against one of these gangs in October 2024, exposing an alleged affiliate of the prolific Russia-linked LockBit ransomware group. LockBit has been linked to a previous cyberattack on NHS IT vendor Advanced.

The United Kingdom has not said whether it plans to bring the measure before lawmakers in Parliament. The Home Office consultation is expected to end in April 2025.

In the United States, the federal government has long advised against paying ransom demands, but has stopped short of imposing a national ban on ransom payments. However, in October 2023, a US-led alliance of more than 40 countries pledged, as governments, not to pay ransoms to cybercriminals in an attempt to starve hackers of their source of income.
