HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

UK proposes ransom payment ban for public sector

Written by Farah Amod | Jan 25, 2025 12:25:50 AM

The UK government has proposed a ban on ransom payments by public sector bodies, including hospitals and schools, as part of a broader strategy to combat the growing threat of ransomware attacks.


What happened

The United Kingdom has unveiled plans for a sweeping reform of its approach to ransomware attacks. The government proposed banning public sector bodies, including hospitals and schools, from making ransom payments. It also proposed mandatory reporting of all ransomware incidents to improve transparency and bolster law enforcement efforts.

Ransomware attacks have been rising steadily for the past five years, but authorities are increasingly worried about underreporting, which limits visibility into the scale of the problem. The proposed reporting requirement is designed to bring these incidents to light, enabling better tracking of threats and more targeted action against organized ransomware groups.


Going deeper

The government is seeking public feedback on whether the reporting requirements should apply across the economy or be limited to specific organizations based on certain thresholds. For example, Australia mandates incident reporting only for businesses with an annual turnover exceeding AU$3 million ($2 million), which captures roughly half of the country's economic activity.

Implementation of the proposed regime depends on having a working national reporting platform. However, the replacement for the UK’s current platform, Action Fraud, has been delayed, which could complicate the rollout of the new requirements.

The government intends to introduce the ransomware legislation after the consultation period ends on April 8. It remains unclear whether this will be a standalone law or integrated into the broader Cyber Security and Resilience Bill, which is expected later this year.


What was said

The consultation includes a targeted ban on ransomware payments for public sector organizations and critical national infrastructure, a move aimed at deterring ransomware groups from targeting essential services. Security Minister Dan Jarvis stated that reducing cybercrime is central to the government’s mission to keep citizens safe, adding that these measures “hit criminal networks in their wallets” and disrupt their financial operations.

The proposed regime also seeks to provide real-time insights to the National Crime Agency, allowing for guidance during active ransomware attacks. Additionally, sanctions authorities would gain the power to block payments, particularly those to sanctioned entities or state-affiliated groups.

Richard Horne, head of the National Cyber Security Centre (NCSC), called the consultation a vital step in protecting the UK from ransomware's economic and societal impacts.


The big picture

The UK’s proposals to ban ransom payments and increase reporting aim to curb ransomware attacks, particularly in the public sector. The approach seeks to reduce the financial incentive for cybercriminals while improving response efforts. If successful, it could influence global strategies and set a precedent for tackling ransomware. An effective reporting system and sufficient support for victims will be necessary for it to work.


FAQs

Why is the UK government focusing on banning ransomware payments in the public sector? 

The goal is to reduce the financial incentive for cybercriminals targeting essential services, such as hospitals and schools, while promoting stronger defenses and more transparency.


How will the mandatory ransomware incident reporting work? 

The government plans to require organizations to report all ransomware attacks, which will help improve tracking, provide better visibility into the scale of threats, and enhance law enforcement efforts. The consultation is seeking views on whether this requirement should apply across the whole economy or only to organizations above certain thresholds.


Will the ban on ransomware payments apply to private-sector organizations? 

At this stage, the proposed ban is directed at public sector bodies and operators of critical national infrastructure, though the consultation seeks feedback on whether it should extend across the wider economy.


How might these proposals affect global ransomware strategies?

If successful, the UK's approach could serve as a model for other countries looking to reduce ransomware attacks and disrupt cybercriminal networks by targeting their financial operations.