The UK government is consulting on plans to ban ransomware payments by public sector bodies and critical national infrastructure (CNI) to disrupt the financial model underpinning cybercrime.
The proposals also include mandatory reporting of ransomware attacks and measures to block payments to criminal groups, aiming to reduce the threat and support law enforcement investigations.
Ransomware is the most serious cybercrime threat to the UK, with attacks on organisations like the NHS and Royal Mail causing widespread disruption and recovery costs. Security Minister Dan Jarvis highlighted the urgency of action, noting $1 billion was paid globally to ransomware groups in 2023.
Banning payments would make public organisations less attractive targets, while mandatory reporting would provide intelligence to help disrupt criminal networks. Penalties for non-compliance, such as fines or leadership bans, are also being considered to ensure adherence.
This initiative is part of a wider strategy to strengthen the UK’s cyber resilience, complementing global efforts like the disruption of the LockBit network and sanctions against major ransomware groups.
Businesses are advised to adopt strong cybersecurity measures, including frameworks like Cyber Essentials, regular data backups, and tested incident response plans, to mitigate the risk and impact of ransomware attacks.
