The UK government plans to ban public sector and critical infrastructure organizations from paying ransoms following ransomware attacks. The list of entities that must comply with the new proposed legislation includes local councils, schools and the publicly funded National Health Service (NHS).

The UK government said: "Ransomware is estimated to cost the UK economy millions of pounds every year, with recent high-profile ransomware attacks highlighting the serious operational, financial and even life risks. This ban will target business models that fuel cybercriminal activity and make vital services that the public relies on less attractive to ransomware groups."

"We are determined to dismantle cybercrime's business models and protect the services we rely on while delivering our 'Plan for Change'. By working with industry to advance these measures, we send a clear signal that the UK is united in the fight against ransomware," added Security Secretary Dan Jarvis. "We are also developing a mandatory reporting system to provide law enforcement with vital information to track attackers and support victims."

Under the new measures, businesses not covered by the proposed ban must notify the government if they intend to pay a ransom, seeking guidance on whether such a payment would violate laws against transferring funds to sanctioned cybercrime groups, many of which are based in Russia.

This follows a public consultation by the UK government in January proposing a ban on ransomware payments for all public sector agencies and critical national infrastructure, as well as measures to prevent ransomware payments and require mandatory reporting of ransomware incidents.

As noted at the time, ransomware is considered the UK's biggest cybercrime threat and is regarded as a threat to UK national security by the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA).

In recent years, several well-known organizations in the UK have been hit by ransomware attacks, including the National Health Service (NHS) and the British Library.

British retail giant Marks & Spencer (M&S) was compromised in a ransomware attack in April. Attackers used DragonForce encryptors to encrypt virtual machines on VMware ESXi hosts, forcing M&S to stop accepting online orders and causing a significant impact on business operations at its 1,400 stores.

The Co-op suffered another cyberattack, confirming that the attackers stole the data of numerous current and former members. Harrods also revealed it had been forced to restrict internet access to some of its websites after threat actors attempted to breach its network.