The government will consult on proposals to protect hospitals, railways and public services from ransomware attacks.
UK businesses are set to be protected by new world-leading ransomware proposals to tackle the threat of cybercrime, which is estimated to cost the UK economy billions of pounds every year.
Ransomware is malicious software which infects a victim's computer and demands a ransom from them in order to give them back access to their system, for their data to be restored, and often for the hackers not to publish the victim's data on the web.
Aiming to strike at the heart of the cybercriminal business model and protect UK businesses by deterring threats, proposals include banning all public sector bodies and critical national infrastructure, including the NHS, local councils, and schools, from making ransomware payments, in order to make them unattractive targets for criminals. This is an expansion of the current ban on payments by government departments.
This is in addition to making it mandatory to report ransomware incidents, to boost intelligence available to law enforcement and help them disrupt more incidents.
The proposals will help the government deliver on its Plan for Change by protecting the public services and infrastructure people rely on from disruption and huge costs.
Security Minister Dan Jarvis said:
Driving down cybercrime is central to this government's missions to reduce crime, deliver growth, and keep the British people safe.
With an estimated $1 billion flowing to ransomware criminals globally in 2023, it is vital we act to protect national security as a key foundation upon which this government's Plan for Change is built.
These proposals help us meet the scale of the ransomware threat, hitting these criminal networks in their wallets and cutting off the key financial pipeline they rely upon to operate.
Today marks the beginning of a vital step forward to protect the UK economy and keep businesses and jobs safe.
Carried out largely by Russian affiliated criminal gangs, ransomware attacks continue to pose the most immediate and disruptive threat to the UK's critical national infrastructure, according to the National Cyber Security Centre's (NCSC) Annual Review 2024. They also cause more disruption and pose a greater risk than other cybercrimes.
Recent cyberattacks have included a key supplier to London Hospitals and Royal Mail, with devastating impacts on the public.
The Home Office-led consultation will consider 3 proposals:
- A targeted ban on ransomware payments for all public sector bodies and critical national infrastructure - expanding the existing ban on ransomware payments by government departments, and making the essential services the country relies on the most unattractive targets for ransomware crime.
- A ransomware payment prevention regime - increasing the National Crime Agency's (NCA) awareness of live attacks and criminal ransom demands, providing victims with advice and guidance before they decide how to respond, and enabling payments to known criminal groups and sanctioned entities to be blocked.
- A mandatory reporting regime for ransomware incidents - bringing ransomware out of the shadows and maximising the intelligence used by UK law enforcement agencies to warn of emerging ransomware threats, and target their investigations on the most prolific and damaging organised ransomware groups.
The NCSC managed 430 cyber incidents between September 2023 and August 2024, including 13 ransomware incidents which were deemed to be nationally significant and posed serious harm to essential services or the wider economy. Reporting to the NCA indicates the number of UK victims appearing on ransomware data leak sites has also doubled since 2022.
With the Crime Survey for England and Wales also estimating that almost a million (952,000) computer misuse offences were committed against individuals in England and Wales in the year ending June 2024, and new polling showing that 84% and 72% of the UK public are concerned about the threat of ransomware to UK infrastructure and businesses respectively, the government's proposals set out necessary action to protect UK consumers, businesses, infrastructure and public services against the ransomware threat.
The measures form part of a wider push across government to improve the UK's defences against cyber threats and protect the UK's critical infrastructure and essential services.
The new regime would support recent operations such as the successful Operation Cronos, the NCA-led global collaboration to disrupt LockBit, one of the most dangerous cybercrime networks in the world.
It also follows international action to tackle the threat of cybercrime through the UK-led Counter Ransomware Initiative (CRI) guidance published in September 2024 to boost global ransomware resilience, which was supported by 40 CRI members and 8 global insurance bodies.
The most recent joint action in October 2024 by the UK, USA and Australia led to the sanction of 16 individuals linked to the Evil Corp and LockBit cyber gangs.
National Cyber Security Centre CEO Richard Horne said:
This consultation marks a vital step in our efforts to protect the UK from the crippling effects of ransomware attacks and the associated economic and societal costs.
Organisations of all sizes need to build their defences against cyber attacks such as ransomware, and our website contains a wealth of advice tailored to different organisations. In addition, using proven frameworks like Cyber Essentials, and free services like NCSC's Early Warning, will help to strengthen their overall security posture.
And organisations across the country need to strengthen their ability to continue operations in the face of the disruption caused by successful ransomware attacks. This isn't just about having backups in place: organisations need to make sure they have tested plans to continue their operations in the extended absence of IT should an attack be successful, and have a tested plan to rebuild their systems from backups.
