UK Set to Ban Public Sector from Paying Ransomware Hackers: A Bold Move Against Cybercrime

The U.K. government has opened a consultation on proposals that would bar public sector organizations and operators of critical national infrastructure from paying ransoms to cybercriminals. The initiative responds to a run of ransomware attacks on essential services and aims to remove the financial incentive that sustains them.

Proposed Ban on Ransom Payments

The U.K. Home Office launched the consultation on Tuesday, 14 January 2025, proposing a “targeted ban” on ransomware payments. The ban would prohibit public sector bodies, including local councils, schools, and NHS trusts, from paying ransomware attackers. The government’s reasoning is that if the organizations most likely to be targeted cannot pay, the core business model of the criminals collapses.

Context of the Proposal

The proposal follows a series of cyberattacks on the U.K. public sector. Most notably, in June 2024 the NHS declared a “critical” incident after a ransomware attack on Synnovis, a pathology services provider to London hospitals. The incident resulted in:

  • A massive data breach of sensitive patient information
  • Significant disruption, including canceled operations
  • Emergency patients being diverted due to system failures

According to Bloomberg, the attack harmed numerous patients, with long-term health damage in at least two cases.

Broader Implications for Critical Infrastructure

Under the proposals, it would also become a criminal offense for critical national infrastructure operators, particularly in the energy and communications sectors, to pay a ransom during a ransomware attack. U.K. central government departments are already prohibited from paying ransomware gangs; the new rules would extend that prohibition to the wider public sector and to CNI.

Mandatory Reporting and Preventive Measures

The government also plans a mandatory reporting regime for ransomware incidents, under which victims not covered by the ban would be required to report attacks to the government. A further proposal would establish a payment prevention regime: organizations outside the ban that intend to pay would have to notify the government first, which could then block a payment, for example where the recipient is a sanctioned entity.

Government’s Position on Cybersecurity

Security Minister Dan Jarvis emphasized the urgency of the initiative: “With an estimated $1 billion flowing to ransomware criminals globally in 2023, it is vital we act to protect national security.” He said the proposals are designed to counter the growing ransomware threat by targeting the financial networks that sustain these criminal operations.

Recent Cyber Incident Statistics

Data released by the Home Office show that the U.K.’s National Cyber Security Centre (NCSC) managed 430 cyber incidents in the year ending August 2024. These included 13 “nationally significant” ransomware incidents, carried out mainly by Russia-affiliated criminal gangs, which the NCSC assesses as a significant threat to the U.K.’s critical national infrastructure.

In October 2024, the U.K. National Crime Agency acted against one of these gangs, publicly identifying an alleged affiliate of the LockBit ransomware group, whose earlier attack on NHS IT vendor Advanced had disrupted NHS services.

Future Legislative Actions

The U.K. government has not said when the measures will be presented to Parliament; the consultation closes on 8 April 2025.

International Context

By contrast, the United States government has long advised against paying ransom demands but has not enacted a national ban. In October 2023, however, a U.S.-led coalition of more than 40 countries in the International Counter Ransomware Initiative pledged that their national governments would not pay ransoms to cybercriminals, with the aim of cutting off their funding.

For more information on cybersecurity measures in the U.K., visit the National Cyber Security Centre.
