The UK government is poised to take a decisive step in the fight against ransomware by banning public sector entities from paying ransoms. This collection of proposals, part of a broader effort to protect critical national infrastructure, aims to disrupt the business model of cybercriminals and shield essential services like the NHS, schools, and local councils from becoming easy targets.
Ransomware has become one of the most immediate and disruptive cyber threats to the UK. The National Cyber Security Centre (NCSC) reports that ransomware incidents have doubled since 2022, with attacks on vital infrastructure like hospitals and mail services causing widespread chaos. An estimated $1 billion was funneled to ransomware criminals globally in 2023. The NCSC managed 430 cyber incidents between September 2023 and August 2024, including 13 significant ransomware events.
3 Key Proposals Under Consideration
The UK Home Office is set to consider three proposals to increase incident reporting and reduce payments to criminals:
- Expanding the Ban on Ransom Payments: The ban will now apply to all public sector bodies and critical infrastructure, not just government departments. This expansion is designed to make essential services less attractive to cybercriminals.
- Ransom Payment Prevention Regime: This measure will increase the National Crime Agency’s (NCA) oversight of ransomware incidents. By monitoring live attacks and criminal demands, the NCA will offer guidance to victims and prevent payments to sanctioned entities.
- Mandatory Reporting of Ransomware Attacks: Organizations will be required to report incidents, boosting intelligence for law enforcement and enabling better-targeted responses to emerging threats.
The NCSC’s 2024 Annual Review revealed that ransomware remains a top concern, as recent high-profile attacks, including disruptions to London hospitals and Royal Mail, have demonstrated the devastating potential of these crimes. Polling data shows public concern is widespread:
- 84% of the UK public worry about ransomware threats to infrastructure.
- 72% fear the impact on businesses.
A Coordinated Approach
The UK’s efforts are part of a larger international push against ransomware. Operations like the NCA-led disruption of the LockBit network and the sanctioning of major cybercrime actors demonstrate the effectiveness of global collaboration.
Key international actions include the UK-led Counter Ransomware Initiative (CRI), launched in September 2024, which seeks to strengthen global ransomware defenses. The initiative is supported by 40 member nations and 8 major insurance organizations. In October 2024, a joint operation by the UK, USA, and Australia led to sanctions against 16 individuals linked to the notorious Evil Corp and LockBit ransomware gangs.
The proposals UK officials have drafted are among the most significant moves toward banning ransomware payments that any country has undertaken, setting a global precedent for tackling the financial underpinnings of cybercrime.
“This consultation marks a vital step in our efforts to protect the UK from the crippling effects of ransomware attacks and the associated economic and societal costs,” National Cyber Security Centre CEO Richard Horne said.
Horne also urged organizations to build their defenses against cyber attacks and “strengthen their ability to continue operations in the face of the disruption caused by successful ransomware attacks.”
The consultation closes on April 8, 2025. Individuals and organizations can respond to the consultation after reviewing the ransomware legislative proposals; responding is estimated to take approximately 30-40 minutes.