The UK government plans to ban public bodies from paying ransoms to cyber criminals. This includes hospitals, schools, councils and services that manage important infrastructure. Officials say this will help protect the public and stop cyber attacks from being profitable.
Ransomware locks or steals data from computer systems, and often criminals then demand a payment to return access or stop the release of stolen data. These attacks have caused a large set of problems in recent years. They have affected the NHS, the BBC, the British Library, and the Ministry of Defence. In 2017, the NHS was badly hit by the WannaCry attack, which forced hospitals to cancel appointments and turn away patients.
The Home Office says the ban will make public services less tempting targets. If attackers know they won’t get paid, they may look elsewhere. The measure comes after a public consultation where 74% of people supported the idea. Security Minister Dan Jarvis said the goal is to stop cyber criminals from making money off essential services.
Why Is The Government Doing This?
Recent attacks have shown how much damage ransomware can cause. In one case, an NHS trust said a ransomware attack contributed to a patient’s death. Criminals locked the system and delayed care.
Other sectors have suffered too, such as the Co-op supermarket chain having faced delays after a ransomware group targeted a software supplier it used. The British Library was offline for weeks after an attack in 2023. Repairing the damage often costs more than the ransom itself.
The government says the new rules are part of wider plans to protect important services. Public support for change has grown after each new attack. Ministers believe strong action now can help prevent more chaos in the future.
What Will Businesses Need To Do?
The rules will mainly affect public organisations, but private companies will still have new duties. Any business that plans to pay a ransom will have to tell the government first. The authorities can then advise them, especially if the payment risks breaking laws. Many ransomware groups are linked to countries under UK sanctions, including Russia.
Mandatory reporting is also being developed. This will mean companies have to report any ransomware attacks they suffer. That will help police and cyber security teams investigate attacks more quickly.
It will also give the government a clearer picture of how ransomware is spreading. This could help them spot patterns or stop attacks before they happen. While it won’t stop every case, it could reduce the damage.
Does Banning Ransom Payments Work?
This kind of ban is new…. North Carolina and Florida in the US have passed similar laws, but there isn’t much data yet on the results. Some people think bans make attacks less common. Others are afraid that organisations might pay criminals in secret if they feel desperate.
The UK would be the first country to pass a nationwide ban on ransom payments for public services. Whether or not it works, the outcome will matter, also for other countries.
More from News
- How Many Prompts Does ChatGPT Actually Receive?
- First-Ever Trade Mission To South Africa for Sadiq Khan, Mayor of London
- New Report Reveals Just 10% of Employees Drive 73% of Cyber Risk
- Why Is OpenAI Partnering With The UK Government?
- Experts Share: Would EU Businesses Consider Moving To UK After Trump’s 30% Tariff?
- What Happened With WeTransfer’s AI Policies, And Why Were Users Outraged?
- How Are Kids Using AI Companions, And What Are The Risks To This?
- How Are Smartphones Helping People Prepare For Earthquakes?
What Do Officials Say?
Dan Jarvis, UK’s Security Minister said, “Ransomware is a predatory crime that puts the public at risk, wrecks livelihoods and threatens the services we depend on.
“That’s why we’re determined to smash the cyber criminal business model and protect the services we all rely on as we deliver our Plan for Change.
“By working in partnership with industry to advance these measures, we are sending a clear signal that the UK is united in the fight against ransomware.”
Rebecca Lawrence, Chief Executive at British Library said, “The British Library, which holds one of the world’s most significant collections of human knowledge, was the victim of a devastating ransomware attack in October 2023.
“The attack destroyed our technology infrastructure and continues to impact our users, however, as a public body, we did not engage with the attackers or pay the ransom. Instead, we are committed to sharing our experiences to help protect other institutions affected by cyber-crime and build collective resilience for the future.”
Jonathon Ellison, Director of National Resilience at NCSC said, “These new measures help undermine the criminal ecosystem that is causing harm across our economy.
“Ransomware remains a serious and evolving threat, and organisations must not become complacent. All businesses should strengthen their defences using proven frameworks such as Cyber Essentials and our free Early Warning service, and be prepared to respond to incidents, recover quickly, and maintain continuity if the worst happens.”
Shirine Khoury-Haq, Co-op’s CEO said, “We know first-hand the damage and disruption cyber-attacks cause to businesses and communities. That’s why we welcome the government’s focus on Cyber Crime.
“What matters most is learning, building resilience, and supporting each other to prevent future harm. This is a step in the right direction for building a safer digital future.”