UK to ban public sector and infrastructure workers from paying ransoms for ransomware attacks



The UK government has announced a policy to prohibit public sector and critical infrastructure officials from paying ransoms in the event of a ransomware attack.

UK to lead crackdown on cyber criminals with ransomware measures - GOV.UK

https://www.gov.uk/government/news/uk-to-lead-crackdown-on-cyber-criminals-with-ransomware-measures



UK to ban public sector orgs from paying ransomware gangs

https://www.bleepingcomputer.com/news/security/uk-to-ban-public-sector-orgs-from-paying-ransomware-gangs/

UK to ban ransomware payments by public sector organizations • The Register
https://www.theregister.com/2025/07/22/uk_to_ban_ransomware_payments/

Ransomware is a cyber attack that encrypts the systems and data on a victim's PC, holds them hostage, and demands a ransom in exchange for decrypting them. In the UK, ransomware causes damage in the millions of pounds (hundreds of billions of yen) every year.

The UK government has decided to take measures to protect hospitals, businesses and essential services from ransomware attacks, and has announced a policy to prohibit critical infrastructure and public sector organizations, such as the National Health Service (NHS), local councils and schools, from paying ransoms to ransomware attackers. Although the details have not yet been finalized, the proposal is said to be supported by almost 75% of respondents to the consultation.

The ban is intended to make critical infrastructure and the public sector less attractive targets for ransomware gangs by signaling that attacks on them will not yield ransom payments.

Even if a company is not subject to the ban on paying ransoms, it must notify the government if it is attacked by ransomware and decides to pay a ransom. The government will then tell the company whether the payment would count as a transfer of money to a sanctioned cybercrime group, which would make it illegal, and will provide advice and assistance.

In addition, to tighten the grip on ransomware gangs, there are also plans to make reporting of ransomware attacks mandatory.

Security Minister Dan Jarvis said: 'Ransomware is a predatory crime that puts people at risk, destroys livelihoods and threatens the services we rely on. That's why we are determined to disrupt cybercrime's business models and protect the services we rely on as we deliver our Agenda for Change. By working with industry to take these measures, we are sending a clear message that the UK is united in the fight against ransomware.'

In 2024, the UK suffered a ransomware attack targeting its health service, causing major disruption.

A ransomware attack caused hospital systems to stop working, making it impossible to administer blood transfusions or perform surgery, leading to chaos at several hospitals in London and the cancellation of scheduled deliveries - GIGAZINE



in Security, Posted by logc_nt