UK proposes ban on ransomware payments in critical sectors

The UK government launched a consultation to explore a nationwide ban preventing operators of critical national infrastructure from bowing to demands from ransomware cybercriminals. 

In the Jan. 14 proposal, the Home Office proposed a “targeted ban” on ransomware payments for all public sector bodies and critical national infrastructure, such as energy, the health service and local councils, expanding an existing ban on government departments.

Other nations have been exploring similar bans. In 2023, Australia considered whether ransomware payments should be made illegal after a cyberattack hit consumer lender Latitude Financial. The US was also exploring a ban around the same time. 

UK Security Minister Dan Jarvis said the goal is to protect national security by cutting off cyber criminals from ransomed funds. Many ransomware attackers ask for cryptocurrency payments.

“These proposals help us meet the scale of the ransomware threat, hitting these criminal networks in their wallets and cutting off the key financial pipeline they rely upon to operate,” Jarvis said. 

According to the Home Office, the proposals aim to make essential services in the country “unattractive targets” for cybercriminals. 

Other parts of the proposals include a ransomware payment prevention regime to provide victims with advice and guidance and enable payments to known criminal groups and sanctioned entities to be blocked.

A mandatory reporting regime for ransomware incidents is also being floated to help UK law enforcement agencies target frequent offender groups or entities. The consultation will run until April 8. 

According to the Home Office, cyberattacks on a key London hospital supplier and on Royal Mail, the postal service and courier company, had “devastating impacts” on the public. The January 2023 cyberattack on the Royal Mail brought international shipping of parcels and letters through its branches to a standstill.

An August 2022 cyberattack on health-service software provider Advanced Computer Software Group exposed the personal data of nearly 83,000 individuals.

The government office said that the National Cyber Security Centre managed 430 cyber incidents over the year ending August 2024, including 13 “nationally significant” incidents that “posed serious harm to essential services or the wider economy.”

Meanwhile, the UK National Cyber Security Centre’s (NCSC) 2024 Annual Review found ransomware attacks “continue to pose the most immediate and disruptive threat.”

According to the review, in June 2024, a ransomware attack on pathology laboratory Synnovis delayed elective procedures and outpatient appointments. A separate ransomware attack on Oct. 28 saw the British Library’s online systems compromised.
