Is This the Start of a Global Push to Criminalize Ransom Payments? –
The UK government plans to outlaw ransomware payments by public sector bodies. Private firms must report their ransom decisions before making any payments. The plan follows a wide public consultation and reflects growing concerns over cyber attacks on hospitals, councils, and national infrastructure. The proposed ban has its critics and supporters. Advocates argue it disrupts criminal funding. Critics worry it may leave services exposed without viable recovery options.
“Ransomware is a predatory crime that puts the public at risk, wrecks livelihoods and threatens the services we depend on.”
Dan Jarvis MBE MP
Security Minister Issues Warning in Official Post
Security Minister Dan Jarvis co-authored the official announcement with the Home Office and the National Cyber Security Centre (NCSC). In the government post, Jarvis stated, “Ransomware is a predatory crime that puts the public at risk, wrecks livelihoods and threatens the services we depend on.”
He emphasized the urgency of coordinated action, “We’re determined to smash the cyber criminal business model and protect the services we all rely on as we deliver our Plan for Change.” Jarvis added, “By working in partnership with industry to advance these measures, we are sending a clear signal that the UK is united in the fight against ransomware.”
Mandatory Reporting Aims to Aid Enforcement
Under the plan, businesses not covered by the ban must notify the government of any intent to pay. This step would allow legal guidance and avoid breaching sanctions, particularly when dealing with Russian-linked groups. Law enforcement would also receive better intelligence through new mandatory reporting rules.
National Cyber Security Centre Director Jonathon Ellison backed the measures, warning, “These new measures help undermine the criminal ecosystem that is causing harm across our economy.” He urged vigilance, “Ransomware remains a serious and evolving threat, and organisations must not become complacent.”
“The attack destroyed our technology infrastructure and continues to impact our users.”
British Library CEO Rebecca Lawrence
Real-World Consequences: NHS, Co-op, British Library
The proposal follows a series of crippling attacks. One NHS breach was cited as a contributing factor in a patient’s death. The Co-op recently suffered a disruption from a cyberattack.
Shirine Khoury-Haq, Co-op CEO, said, “We know first-hand the damage and disruption cyber-attacks cause… This is a step in the right direction for building a safer digital future.”
The British Library was hit in 2023. CEO Rebecca Lawrence recalled, “The attack destroyed our technology infrastructure… we did not engage with the attackers or pay the ransom.”
She called for shared knowledge, “We are committed to sharing our experiences to help protect other institutions… and build collective resilience.”
90 Second Watch: The CyberEdge Wake Up Call Rethinking Ransomware Payments
The Ban Debate: Strategic Strike or Risky Gamble?
As with any new idea, the unknown clouds the wisdom of the UK’s moves ban on ransomware payments. Supporters argue that the measure cuts off criminals’ revenue, forcing them to abandon attacks. It also encourages organisations to build better defences and maintain robust backups. By making ransomware less profitable, advocates hope the threat will decline over time. They also point out that ransom payments may finance other criminal or terrorist activities, multiplying the harm.
Critics warn a ban could result in harsh consequences for some. Small businesses without strong recovery plans could face catastrophic disruption if they’re legally barred from paying. Additionally, a ban may drive ransom payments underground, making them harder to track and report.
Then there’s the old adage, ‘plans never survive contact with the enemy.’ Criminals may shift tactics, including threatening to leak sensitive data. Enforcement is also a challenge, especially with the rise of anonymous cryptocurrency transactions. Some experts argue that the ban could punish victims twice: first by hackers, and then by law.
The future will reveal how it perceives things when it arrives.
Martin Hinton is the Executive Editor and Publisher of Cyber Insurance News and Information. With over three decades of journalism experience across six continents, his work encompasses investigative reporting, documentaries, and coverage of cultural, political, and business news. To learn more about his career, click on his name to visit his LinkedIn page.
