The United Kingdom’s Home Office is considering a major change to how public sector bodies deal with ransomware attacks, proposing a ban on ransomware payments.
Ransomware has emerged as one of the greatest cybersecurity threats, thanks mainly to the huge financial upside for ransomware groups. Attacks target individuals, businesses, and organizations, often using social engineering to convince an unsuspecting user to install malware that encrypts their files; the attackers then demand a ransom in exchange for the decryption key. Advanced malware is designed to spread across entire networks, including backups where it can reach them, crippling an organization in one fell swoop.
Cybersecurity experts and government agencies around the world have warned that paying ransoms makes the situation worse by increasing the incentive for bad actors to continue their activities. Unfortunately, few companies follow the advice not to pay, prioritizing a return to normal operations.
The Home Office appears ready to force the issue, at least for public sector bodies and critical infrastructure, and is consulting on a proposal to ban them from making payments. The government laid out its intentions in a news brief.
Aiming to strike at the heart of the cybercriminal business model and protect UK businesses by deterring threats, proposals include banning all public sector bodies and critical national infrastructure, including the NHS, local councils, and schools, from making ransomware payments, in order to make them unattractive targets for criminals. This is an expansion of the current ban on payments by government departments.
This is in addition to making it mandatory to report ransomware incidents, to boost intelligence available to law enforcement and help them disrupt more incidents.
The Home Office-led consultation will focus on three proposals:
- A targeted ban on ransomware payments for all public sector bodies and critical national infrastructure – expanding the existing ban on ransomware payments by government departments, and making the essential services the country relies on the most unattractive targets for ransomware crime.
- A ransomware payment prevention regime – increasing the National Crime Agency’s (NCA) awareness of live attacks and criminal ransom demands, providing victims with advice and guidance before they decide how to respond, and enabling payments to known criminal groups and sanctioned entities to be blocked.
- A mandatory reporting regime for ransomware incidents – bringing ransomware out of the shadows and maximising the intelligence used by UK law enforcement agencies to warn of emerging ransomware threats, and target their investigations on the most prolific and damaging organised ransomware groups.
“Driving down cybercrime is central to this government’s missions to reduce crime, deliver growth, and keep the British people safe,” said Security Minister Dan Jarvis.
“With an estimated $1 billion flowing to ransomware criminals globally in 2023, it is vital we act to protect national security as a key foundation upon which this government’s Plan for Change is built. These proposals help us meet the scale of the ransomware threat, hitting these criminal networks in their wallets and cutting off the key financial pipeline they rely upon to operate.
“Today marks the beginning of a vital step forward to protect the UK economy and keep businesses and jobs safe.”
National Cyber Security Centre CEO Richard Horne underscored the importance of protecting the UK from cyberattacks:
“This consultation marks a vital step in our efforts to protect the UK from the crippling effects of ransomware attacks and the associated economic and societal costs,” said Horne.
“Organisations of all sizes need to build their defences against cyber attacks such as ransomware, and our website contains a wealth of advice tailored to different organisations. In addition, using proven frameworks like Cyber Essentials, and free services like NCSC’s Early Warning, will help to strengthen their overall security posture.
“And organisations across the country need to strengthen their ability to continue operations in the face of the disruption caused by successful ransomware attacks. This isn’t just about having backups in place: organisations need to make sure they have tested plans to continue their operations in the extended absence of IT should an attack be successful, and have a tested plan to rebuild their systems from backups.”