Government proposals could stop public sector from making ransomware payments
New Government proposals aimed at tackling cyber crime could mean all public sector bodies and critical national infrastructure are prohibited from making ransomware payments.
The Home Office is launching a consultation that will consider extending the current ban on such payments by government departments. Ransomware payments are frequently demanded by cybercriminals to unlock or return files they have infiltrated after breaching a computer system. The proposals also encompass a ransomware payment prevention regime, intended to enhance the National Crime Agency’s awareness of ongoing attacks and halt payments to recognised criminal groups and sanctioned entities.
Plans are also in place to make reporting of ransomware incidents compulsory to augment the intelligence accessible to law enforcement. The Home Office expressed its belief that the implementation of this new scheme would render national infrastructure and public sector bodies like the NHS, local councils, and schools less attractive targets for criminal gangs.
Recent cyber attacks have targeted a key supplier to London Hospitals and Royal Mail, causing significant disruption to the public.
Security minister Dan Jarvis said: “Driving down cyber crime is central to this Government’s missions to reduce crime, deliver growth, and keep the British people safe.
“With an estimated one billion dollars flowing to ransomware criminals globally in 2023, it is vital we act to protect national security as a key foundation upon which this Government’s Plan for Change is built.
“These proposals help us meet the scale of the ransomware threat, hitting these criminal networks in their wallets and cutting off the key financial pipeline they rely upon to operate.
“Today marks the beginning of a vital step forward to protect the UK economy and keep businesses and jobs safe.”
The National Cyber Security Centre (NCSC), the UK's cyber defence agency, has previously identified ransomware as one of the most significant cyber threats facing the nation.
Richard Horne, Chief Executive of the NCSC, stated: "This consultation marks a vital step in our efforts to protect the UK from the crippling effects of ransomware attacks and the associated economic and societal costs. Organisations of all sizes need to build their defences against cyber attacks such as ransomware, and our website contains a wealth of advice tailored to different organisations.
"In addition, using proven frameworks like Cyber Essentials, and free services like NCSC’s Early Warning, will help to strengthen their overall security posture. And organisations across the country need to strengthen their ability to continue operations in the face of the disruption caused by successful ransomware attacks.
"This isn’t just about having backups in place: organisations need to make sure they have tested plans to continue their operations in the extended absence of IT should an attack be successful, and have a tested plan to rebuild their systems from backups."
Deputy Director Paul Foster, who leads the National Cyber Crime Unit at the NCA, highlighted the severity of ransomware, saying: "Ransomware is the most significant cybercrime threat facing the UK and the world, with attacks costing millions in terms of losses and recovery."