New UK proposals to counter ransomware: Have your say.
Written by: Nigel Howle

The Home Office has announced a public consultation seeking views on three proposals aimed at striking a significant blow to the ransomware criminal business model.

Ransomware is the most acute cyber threat for most businesses in the UK, and the impact of an attack can affect every aspect of an organisation. This includes disrupting operational delivery, hitting finances, compromising customer data, eroding trust and damaging an organisation’s reputation.

The consultation will consider three proposals:

  • A targeted ban on ransomware payments for all public sector bodies and critical national infrastructure – expanding the existing ban on ransomware payments by government departments and making the essential services the country relies on the most unattractive targets for ransomware crime.
  • A ransomware payment prevention regime – increasing the National Crime Agency’s awareness of live attacks and criminal ransom demands, providing victims with advice and guidance before they decide how to respond, and enabling payments to known criminal groups and sanctioned entities to be blocked. This regime would support disruptive operations such as the recent success of Operation CRONOS, the NCA-led global collaboration to disrupt LockBit in 2024, one of the most dangerous cyber crime networks in the world.
  • A mandatory reporting regime for ransomware incidents – bringing ransomware out of the shadows and maximising the intelligence used by UK law enforcement agencies to warn of emerging ransomware threats and target their investigations on the most prolific and damaging organised ransomware groups.

The consultation can be accessed via GOV.UK and will close at 5pm on 8 April 2025.

The Government says UK businesses are set to be protected by new world-leading ransomware proposals to tackle the threat of cybercrime, which is estimated to cost the UK economy billions of pounds every year.

The proposals aim to strike at the heart of the cybercriminal business model and protect UK businesses by deterring threats. They include banning all public sector bodies and critical national infrastructure, including the NHS, local councils, and schools, from making ransomware payments, in order to make them unattractive targets for criminals. This is an expansion of the current ban on payments by government departments.

This is in addition to making it mandatory to report ransomware incidents, to boost intelligence available to law enforcement and help them disrupt more incidents.

Security Minister Dan Jarvis said: “Driving down cybercrime is central to this government’s missions to reduce crime, deliver growth, and keep the British people safe. With an estimated $1 billion flowing to ransomware criminals globally in 2023, it is vital we act to protect national security as a key foundation upon which this government’s Plan for Change is built.

“These proposals help us meet the scale of the ransomware threat, hitting these criminal networks in their wallets and cutting off the key financial pipeline they rely upon to operate. Today marks the beginning of a vital step forward to protect the UK economy and keep businesses and jobs safe.”

Jarvis pinpointed Russian-affiliated criminal gangs as a major factor in ransomware attacks.

The National Cyber Security Centre managed 430 cyber incidents between September 2023 and August 2024, including 13 ransomware incidents which were deemed to be nationally significant and posed serious harm to essential services or the wider economy. Reporting to the NCA indicates the number of UK victims appearing on ransomware data leak sites has also doubled since 2022.

 
