UK to Ban Public Sector, Critical Infrastructure Ransomware Payments

UK to Ban Public Sector from Paying Ransomware Demands, Mandate Rapid Incident Reporting

  • The UK plans to ban public sector and critical infrastructure organizations from paying ransomware demands.
  • New rules would require mandatory reporting of ransomware incidents within 72 hours and detailed follow-ups within 28 days.
  • A public consultation found that most respondents support the ban, but opinions are divided on penalties for non-compliance.
  • The Home Office is reviewing whether penalties for violating the ban should be civil or criminal.
  • Ransomware remains a major threat in the UK, impacting organizations like the National Health Service and the British Library.

The United Kingdom is moving forward with plans to ban all public sector bodies and operators of critical national infrastructure from paying ransomware demands. The proposed ban, announced Tuesday, aims to reduce incentives for cybercriminals targeting essential services like energy providers, health services, and local councils.

The new measures follow a public consultation by the UK Home Office, which also calls for a mandatory reporting system. Organizations affected by ransomware attacks would have to inform the government within 72 hours and provide more detailed information within 28 days. The Home Office seeks to expand an existing ban that previously only applied to government departments.

Dan Jarvis, the UK security minister, stated, “The Home Office is determined to smash the cyber criminal business model and protect the services we all rely on,” highlighting plans to collaborate with industry partners. The document explains ransomware as a type of malware that locks files or systems until a ransom, typically paid in cryptocurrency, is received.

A report from Chainalysis noted that ransomware attacks dropped by 35% last year compared to the previous year. Other sources, such as CertiK, indicate that most crypto-related losses in 2024 have come from wallet and phishing attacks instead.

During the consultation, nearly three-quarters of respondents supported the targeted ban, while just over 20% disagreed. The idea of mandatory reporting for all attacks had the backing of 63% of participants. However, opinions were mixed on what penalties to enforce if organizations failed to comply; while many agreed penalties are needed, respondents were divided over whether these should be civil or criminal in nature.

The 2024 National Cyber Security Centre’s Annual Review highlighted ransomware as the most immediate and disruptive threat facing the UK. Recent attacks have delayed NHS surgeries and impacted technology systems at the British Library. Rebecca Lawrence, the British Library Chief Executive, described a June 2024 ransomware attack as one that “destroyed our technology infrastructure and continues to impact our users.”

Internationally, other countries have taken a range of approaches. Australia recently began enforcing mandatory ransomware reporting for large businesses and operators of critical infrastructure, after earlier rejecting a full ban on ransomware payments. In contrast, US lawmakers have proposed blocking the budget for cyberattack disclosure rules for public companies.

For more, the full government response document is available here.
