Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
UK public sector and critical infrastructure organizations could be banned from paying ransoms under new UK government proposals.
The UK Home Office opened a consultation on Tuesday in which it proposes a “targeted ban” on ransomware payments. Under the proposal, public sector bodies, including local councils, schools and NHS trusts, would be banned from paying ransomware hackers, which the government said would “strike at the heart of the cybercrime business model”.
The government’s proposal comes after a wave of cyber attacks targeting the UK public sector. The NHS last year declared a “critical” incident following a cyberattack on pathology lab provider Synnovis, which led to a massive breach of sensitive patient data and months of disruption, including canceled surgeries and emergency patient diversions. According to new information obtained by Bloomberg, the cyberattack on Synnovis resulted in injuries to dozens of patients and, in at least two cases, long-term or permanent damage to their health.
Newly unveiled proposals from the UK government would also make it a criminal offense for critical infrastructure organizations, such as businesses in the energy and communications sectors, to pay ransoms in the event of a ransomware attack. UK government departments are already banned from paying ransomware groups.
The UK’s proposals also detail a new mandatory reporting regime for ransomware incidents, requiring victims of cyber-attacks not covered by the ban to report the incident to the government. Another proposal outlines a program aimed at preventing ransom payments to sanctioned entities, which the government would have the power to block.
Security Minister Dan Jarvis said: “With an estimated $1 billion flowing to ransomware criminals globally in 2023, it is vital that we act to protect national security as the key foundation on which this government’s Change Plan is built.
“These proposals help us meet the scale of the ransomware threat, hit these criminal networks in the wallet and cut off the main financial pipeline they rely on to operate,” said Jarvis.
The UK’s National Cyber Security Centre handled 430 cyber incidents in the year ending August 2024, including 13 “nationally significant” ransomware incidents, according to data shared by the Home Office on Tuesday. These were carried out “mainly by Russian-linked criminal gangs”, the Home Office said, and continue to pose an “immediate and disruptive threat” to the UK’s critical national infrastructure.
The UK’s National Crime Agency took action against one of these gangs in October 2024, unmasking an alleged branch of the prolific Russian-linked LockBit ransomware group. LockBit has previously been associated with cyberattacks on NHS IT vendor Advanced.
The UK has not said whether it plans to introduce the measure to lawmakers in parliament. The Home Office’s consultation will end in April 2025.
In the United States, the federal government has long urged victims not to pay ransom demands, but has been reluctant to impose an outright national ban on ransom payments. However, in October 2023, an alliance of more than 40 countries, led by the United States, said it would not pay ransoms, in order to deprive cybercriminals of their sources of income.