
The UK government is proposing to ban schools, the NHS, and local councils from making ransomware payments, in an effort to tackle cyber-attacks.
According to The Guardian*, this ban will also extend to critical national infrastructure operators. Private companies will need to report ransomware payments to the government, which could block payments to sanctioned groups or foreign states. Reporting ransomware attacks will become mandatory if the proposals become law.
The proposals aim to make public sector and infrastructure organizations less attractive targets for ransomware gangs. They include a new payment prevention regime and a mandatory ransomware incident reporting system. The security minister emphasized the importance of these measures to protect national security and disrupt criminal networks financially.
The UK Home Office announced that the Government will re-examine its approach to reducing ransomware attacks. It is considering a mandatory ban on ransomware payments by public bodies and entities classed as part of the UK’s critical national infrastructure, including the NHS, local councils, and schools, as well as broader mandatory reporting of ransomware attacks, in order to curtail the funding that sustains illicit cyber-criminal activity.
Policy makers have to, amongst other things, balance the merits of allowing or overlooking ransomware payments in certain circumstances against the potential risks or harms related to an outright ban. This consultation is an opportunity to consider all the angles as part of wider Government efforts to undermine the business model of these criminal groups and enhance cyber resilience in the UK against such threats.
by Andy Garth, ESET
*ESET does not bear any responsibility for the accuracy of this information.
