Ransomware, considered by British authorities to be the UK’s greatest cybercrime threat, costing the nation billions of pounds and with the capability to bring essential services to a standstill, is in the gunsights of government.
The Home Office has confirmed that it is seeking to legally ban public bodies from paying ransom demands to cybercriminals.
The ban would prevent operators of critical national infrastructure, the NHS, local councils and schools from giving in to digital extortionists – in the hope that criminals will have their business model disrupted, and that consequently they will find such organisations a less attractive target in future.
And the proposals don’t end there. The UK government is also looking at requiring businesses not covered by the ban to notify the authorities of any intent to pay a ransom.
The idea is that organisations that have fallen victim to a ransomware attack would be given advice and support, including warning them if they risked breaking the law by sending funds to sanctioned criminal gangs, many of whom are based in Russia.
Mandatory reporting would also, of course, help provide more intelligence around the activities of ransomware groups to law enforcement. The hope is that gathering more actionable intelligence on ransomware operations might help to hunt down the perpetrators.
“Ransomware is a predatory crime that puts the public at risk, wrecks livelihoods and threatens the services we depend on,” said Security Minister Dan Jarvis. “That’s why we’re determined to smash the cyber criminal business model and protect the services we all rely on as we deliver our Plan for Change.”
“These new measures help undermine the criminal ecosystem that is causing harm across our economy,” said the NCSC’s Jonathan Ellison.
Public awareness of ransomware has never been higher in the United Kingdom, following a series of attacks on high-street names including Marks & Spencer and Co-op.
Last week the Co-op’s CEO Shirine Khoury-Haq appeared on the BBC, confirming that all 6.5 million of its members had had their personal data stolen.
British police have arrested a 20-year-old woman and three teenagers in connection with the attacks.
Commenting on the UK government’s plans, Co-op’s Khoury-Haq said: “We know first-hand the damage and disruption cyber-attacks cause to businesses and communities. That’s why we welcome the government’s focus on Cyber Crime. What matters most is learning, building resilience, and supporting each other to prevent future harm. This is a step in the right direction for building a safer digital future.”