UK Government Moves to Ban Ransomware Payments
The UK is moving to ban public sector and critical national infrastructure entities from paying ransomware demands, expanding previous regulations that were limited to government departments.
Proposals released on Tuesday following a public consultation include:
- A ban on ransomware payments across all public sector bodies and critical infrastructure like energy, health services, and local councils.
- A prevention regime requiring organizations not covered by the ban to report intentions to pay a ransom.
- A mandatory threshold-based reporting system requiring victims to provide the government with key details within 72 hours of an attack, followed by a comprehensive analysis within 28 days.
UK security minister Dan Jarvis emphasized the Home Office’s commitment to combat cybercrime and protect essential services through collaboration with industry.
Source: Dan Jarvis
Ransomware, malicious software that encrypts systems until a ransom is paid, often demands payment in cryptocurrency. Despite a 35% decrease in attacks last year, as reported by Chainalysis in February, cyber threats remain significant.
Public Consultation Findings
From January 14 to April 8, the Home Office’s consultation garnered 273 responses: 57% organizations, 39% individuals, and 4% others. Nearly 75% supported a ransomware payment ban, though opinions diverged on penalties.
- Only 21% opposed the ban.
- 63% favored the proposed threshold-based reporting system, while 41% supported maintaining the current voluntary system.
- The necessity and nature of penalties for violating these measures stirred debate, with mixed opinions on whether to apply criminal or civil penalties to victims.
Source: UK Home Office
Ransomware’s Immediate Threat
The UK National Cyber Security Centre’s 2024 Annual Review highlighted ransomware as a pressing threat. Notable incidents included a June attack on Synnovis, which delayed key medical procedures, and a recent breach affecting the British Library’s online systems. Chief Executive Rebecca Lawrence stated the attack devastated their technology infrastructure.
Global Context
While the UK pushes for tighter regulations, US House Republicans have sought to cut funding for rules requiring public companies to disclose cyber incidents within four days. Meanwhile, Australia has mandated ransomware demand reporting for businesses earning over 3 million AUD since May, in response to previous cyberattacks.
Comments (4)
Danjuma Abbas
14:10 - 23/07/2025
Great
Oludare Babatunde
11:16 - 23/07/2025
Awesome 😎
nhantvxd@gmail.com
10:11 - 23/07/2025
Ok