UK’s Move to Prohibit Public Bodies from Funding Ransomware Culprits

The UK aims to block ransom payments to cyber attackers, as public institutions and critical infrastructure organizations face new policy proposals. The UK Home Office has opened a consultation on broadly targeted restrictions on ransom payments, a move intended to dismantle the revenue model of cybercriminals.

These legislative moves come amid an escalated wave of cyberattacks targeting public sector bodies: NHS trusts, schools, and local councils. The move is prompted by multiple severe cyberattacks, most notably the data breach at pathology lab provider Synnovis. That attack led to patient data exposure, postponed surgeries, and the rerouting of emergency treatments.

The proposed government policies would make paying a ransom after a ransomware attack a criminal offense for critical infrastructure groups such as those in the energy and communication sectors. Existing regulations already prevent government departments from paying ransomware attackers.

The proposals also include mandatory reporting for victims of ransomware attacks who are not covered by the ban. These victims would have to report the cyber incident to the government.

According to Security Minister Dan Jarvis, “we must act to defend national security, considering the predicted inflow of $1 billion globally to ransomware criminals in 2023.”

A National Cyber Security Centre review of the year to August 2024 disclosed 430 cyber incidents. Of these, 13 were of national significance and were largely conducted by Russia-affiliated criminal gangs.

The National Crime Agency unmasked an alleged affiliate of the notorious LockBit ransomware group in October 2024, signaling a crackdown on such organizations.

However, it remains undecided whether these proposals will be presented to Parliament for consideration. The Home Office plans to conclude the ongoing consultation by April 2025.

Original source: Read the full article on TechCrunch