U.K. targets ransomware payments to protect critical services, preparing new measures that aim to disrupt cybercriminals and safeguard essential infrastructure.
The U.K. government has launched consultations on proposals to tackle ransomware, which is estimated to cost the country’s economy billions of pounds annually. The proposals focus on banning ransomware payments by public bodies, mandating incident reporting, and disrupting cybercriminal activities, OCCRP reported.
The consultations will close on April 8, 2025.
The government aims to protect hospitals, railways, and public services from ransomware attacks, the Home Office said Tuesday in a statement.
These proposed measures are part of a broader effort to strengthen the U.K.’s defenses against cyber threats and safeguard critical infrastructure and essential services.
The measures would expand the current ban on ransomware payments by government departments to include all public sector bodies and critical national infrastructure, such as the National Health Service, local councils, and schools. By prohibiting payments, the government seeks to make these targets less appealing to cybercriminals.
Additionally, the proposals include making ransomware incident reporting mandatory to enhance intelligence for law enforcement and aid in disrupting attacks.
“These proposals help us meet the scale of the ransomware threat, hitting these criminal networks in their wallets and cutting off the key financial pipeline they rely upon to operate,” Security Minister Dan Jarvis said.
According to the National Cyber Security Centre’s (NCSC) Annual Review 2024, ransomware attacks—largely carried out by Russian-affiliated criminal gangs—pose the most immediate and disruptive threat to the U.K.’s critical national infrastructure. These attacks cause more disruption and pose a greater risk than other types of cybercrime.
The NCSC reportedly managed 430 cyber incidents between September 2023 and August 2024, including 13 ransomware attacks deemed nationally significant, which caused severe harm to essential services or the wider economy.
NCSC CEO Richard Horne said the consultation is a crucial step in the effort to shield the U.K. from the devastating impact of ransomware attacks and their broader economic and societal costs.
“This isn’t just about having backups in place: organisations need to make sure they have tested plans to continue their operations in the extended absence of IT should an attack be successful, and have a tested plan to rebuild their systems from backups,” he said.
The government believes the new measures will bolster operations such as Operation Cronos, a National Crime Agency-led global effort to disrupt LockBit, one of the world’s most dangerous cybercrime networks. That operation, conducted nearly a year ago, was followed by a joint action in October 2024 by the U.K., U.S., and Australia, which resulted in sanctions against 16 individuals linked to the Evil Corp and LockBit cyber gangs.