The UK government has introduced proposals to increase ransomware incident reporting and reduce payments to cyber criminals. The measures are rooted in the principle that ransom payments fuel the crime by making it more lucrative. Much like negotiating with terrorists, paying a ransom risks emboldening criminals and increasing the likelihood of future attacks, while offering no guarantee that stolen data will be deleted rather than sold or leaked. The proposals are open for public consultation until April 8, 2025.
Ransomware has become the UK’s most significant cyber threat, with attackers extorting billions globally. Recent data indicates ransomware incidents in the UK have reached record levels, with public awareness and concern growing. According to the Home Office, 74% of citizens are alarmed by the risk, particularly to critical national infrastructure (CNI) and public sector services.
1. Ban on Ransom Payments by Public Sector and CNI Operators
A proposed blanket prohibition on ransom payments by public entities and operators of CNI aims to deter attacks on essential services. The ban would extend existing restrictions on central government departments to local councils and regulated CNI sectors, such as healthcare and energy. The Home Office believes that eliminating the financial incentive for attackers could render the UK’s public sector an unattractive target. The government is also considering penalties, including criminal sanctions for breaches of the ban.
2. Ransom Payment Prevention Regime
The second proposal requires ransomware victims not covered by the ban to notify authorities before making any payment. The resulting data would be valuable for assessing risk across the economy. This element would allow the government to review a proposed payment and offer guidance on alternative resolutions, and authorities could block payments that would breach sanctions or terrorism finance laws.
3. Mandatory Reporting of Ransomware Incidents
The Home Office is also recommending a mandatory reporting requirement for ransomware incidents. This would provide a clearer picture of the threat and help law enforcement respond effectively.
Breaking the Payment Cycle
One concept central to these proposals is the disruption of the ransomware payment cycle. Like any business, attackers reinvest their profits, the ransoms they collect, into future attacks. Cutting off payments therefore starves the next campaign of funding, not just the current one.
Global and Industry Collaboration
The proposals align with international efforts through the Counter Ransomware Initiative (CRI), co-led by the UK and Singapore. The CRI has spearheaded global agreements discouraging ransom payments and emphasized that yielding to ransom demands emboldens attackers. In collaboration with the National Cyber Security Centre (NCSC), the government aims to provide guidance and support for victims, including advice on resilience measures such as tested, offline backups.
Conclusion
With ransomware attacks growing in frequency and sophistication, these proposals mark a decisive step in the UK’s fight against cybercrime. By reducing payments to criminals and enhancing incident reporting, the government hopes to protect critical systems and citizens from the escalating threat. What all this means for ransomware cyber insurance remains to be seen.