The UK government is preparing to introduce a ban that would prohibit public sector bodies and critical infrastructure organizations from paying ransoms following ransomware attacks.
This proposed law would apply to entities such as local councils, public schools, and the National Health Service (NHS), which is funded by the government.
“Ransomware costs the UK economy millions of pounds annually, with recent attacks demonstrating the severe operational, financial, and even life-threatening consequences,” the government stated. The goal of the ban is to disrupt the ransomware economy and reduce the appeal of targeting essential public services. Security Minister Dan Jarvis added, “We are determined to break the cybercrime business model and protect the services people depend on. By working with industry on these new rules, we’re making it clear that the UK stands firm against ransomware.”
Under the new proposal, private companies not included in the ban would still need to notify the government if they intend to make a ransom payment. This allows officials to assess whether the payment could breach regulations tied to sanctioned cybercriminal groups, many of which are based in Russia.
A mandatory reporting framework is also in development. This system would help law enforcement gather crucial information about attacks, aiding both investigations and victim support.
The announcement comes after a public consultation launched in January, which explored a focused ban on ransomware payments for public sector organizations and critical infrastructure. It also considered stronger rules around reporting ransomware incidents and discouraging ransom payments.
Ransomware remains the top cybercrime threat in the UK and is classified as a national security risk by both the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA).
In recent years, ransomware has impacted several major UK institutions, including the NHS and the British Library. Most recently, Marks & Spencer (M&S) suffered a ransomware attack in April that disrupted its operations and halted online orders. The attack involved the DragonForce group encrypting virtual machines on VMware ESXi hosts.
The Co-op also reported a cyber incident where attackers accessed personal data belonging to past and present members. Harrods, meanwhile, had to limit access to some parts of its network after detecting attempted intrusions by cybercriminals.