UK government moves to ban public sector ransomware payments in cybersecurity crackdown

The UK government is considering a prohibition on public sector bodies making ransomware payments, with the aim of strengthening national defences against cyberattacks.

Under these proposals, schools, the NHS and local councils would join government departments in being banned from paying ransoms to hackers who hold IT systems hostage. The ban would also extend to critical national infrastructure, including energy and transport networks.

Private companies are facing stricter oversight: payments would need to be reported to the government and could be blocked if the funds are directed to sanctioned groups or hostile foreign states.

Described by experts as ‘the most significant intervention against ransomware by any national government to date’, these measures aim to remove the appeal of targeting UK organisations.

Ransomware gangs, which encrypt victims’ systems and extract data before demanding cryptocurrency payments, earned US$1.1 billion globally in 2023.

Andy Ward, SVP International at Absolute Security, said: “The main security goal of any organisation is to maintain uptime for as long as possible, ensuring that systems remain online and functional even in the face of a cyberattack. Banning ransomware payments requires security teams to double down on cyber-resilience, building infrastructure that can withstand major ransomware attacks, recover IT systems swiftly and remain operational in the face of adversity.”
