LONDON: The UK government has proposed a nationwide prohibition on ransom payments by public sector entities and critical infrastructure operators, including the NHS, local councils, and public schools, to tackle the growing threat of ransomware attacks.
The new policy, announced on Tuesday, seeks to “smash the cyber criminal business model” and marks one of the UK’s strongest stances yet in its ongoing fight against ransomware attacks. Security Minister Dan Jarvis stated, “We are sending a clear signal that the UK is united in the fight against ransomware.”
Crippling Attacks Spark Policy Shift
Britain has faced numerous high-profile cyberattacks in recent years, including the 2017 WannaCry incident, which severely disrupted NHS operations, and the 2023 British Library breach. In a more recent attack, a ransomware incident targeting NHS systems was linked to contributing to a patient’s death, underlining the critical consequences of such cyber threats.
A spate of data breaches involving major UK retailers like Marks & Spencer and the Co-op Group this year further heightened concerns, as public confidence in digital infrastructure faltered. According to government estimates, ransomware is costing the UK economy millions of pounds annually, amounting to over ₹100 crore each year (GBP £10 million).
Mandatory Reporting and Government Oversight
The proposed framework will not only prohibit ransom payments by state-funded bodies but will also establish a ransomware payment prevention regime. For private organisations not covered by the ban, new regulations will require prior notification to government authorities before any ransom payment is made. This step aims to provide guidance and gather intelligence on ransomware operations.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
Additionally, a ransomware incident reporting mechanism is being developed to strengthen the National Cyber Security Centre’s ability to pre-empt and disrupt cybercriminal activities.
The government believes this multi-pronged approach will reduce the profitability of ransomware attacks and bolster national cybersecurity resilience.