UK Government considering ban on public sector ransomware

he Home Office has launched a consultation on three “world-leading” proposals to combat cybercrime.

The proposals address the growing rate of ransomware attacks, which poses the “most immediate and disruptive threat to the UK’s critical national infrastructure (CNI)”, the National Cyber Security Centre (NCSC) has said.

Ransomware payments occur when a cybercriminal infects a victim’s computer with a malicious software and demands a payment in order to give them back access to their system, for their data to be restored or for it not to be leaked onto the web.

The consultation will look into extending the ban on ransomware payments, which already covers government departments, to public sector bodies and CNI including the NHS, local councils and schools.

It is hoped that by expanding the ban, these sectors will become “unattractive targets” for cybercriminals.

Security minister Dan Jarvis said: “Driving down cybercrime is central to this government’s missions to reduce crime, deliver growth, and keep the British people safe.

“With an estimated $1bn flowing to ransomware criminals globally in 2023, it is vital we act to protect national security as a key foundation upon which this government’s Plan for Change is built.”

Proposals also include making it mandatory to report ransomware incidents to help law enforcement agencies manage and divert incidents.

The consultation follows on from intergovernmental minister Pat McFadden warning Nato members of a looming Russian cyber-attack in November.

Russia-linked hackers are the most common beneficiaries of ransomware payments. In 2021 almost three quarters of all the money made through ransomware attacks was “highly likely to be affiliated with Russia", according to research by analysis firm Chainalysis.

The third proposal looks into setting up a ransomware payment prevention regime in a bid to improve the National Crime Agency’s awareness of live attacks and criminal ransom demands. The new regime would allow the organisation to block payments to known criminal groups and sanctioned entities as well as advise victims on how to respond to threats.

Jarvis added: “These proposals help us meet the scale of the ransomware threat, hitting these criminal networks in their wallets and cutting off the key financial pipeline they rely upon to operate.

“Today marks the beginning of a vital step forward to protect the UK economy and keep businesses and jobs safe.”

From September 2023 to August 2024, the NSCS managed more than 400 cyber incidents, including 13 ransomware incidents which “posed serious harm to essential services or the wider economy.”

Reporting to the NCA also suggests the number of UK victims appearing on ransomware data leak sites has also doubled since 2022.

NCSC chief executive Richard Horne added: “This consultation marks a vital step in our efforts to protect the UK from the crippling effects of ransomware attacks and the associated economic and societal costs.

“Organisations of all sizes need to build their defences against cyber attacks such as ransomware, and our website contains a wealth of advice tailored to different organisations.  In addition, using proven frameworks like Cyber Essentials, and free services like NCSC’s Early Warning, will help to strengthen their overall security posture.

“And organisations across the country need to strengthen their ability to continue operations in the face of the disruption caused by successful ransomware attacks. This isn’t just about having backups in place: organisations need to make sure they have tested plans to continue their operations in the extended absence of IT should an attack be successful, and have a tested plan to rebuild their systems from backups.”