UK to ban ransom payments by public bodies

UK to ban ransom payments by public bodies
Credit: Jeff Blackler/Rex/Shutterstock

UK (Parliament Politics Magazine) –  The British government will ban public bodies from paying ransoms and compel firms to report payments, aiming to break the global ransomware model.

As reported by The Guardian, public sector organisations in the UK could soon be barred from paying ransoms, while businesses must notify authorities before paying hackers.

Dan Jarvis’ views on the UK’s cybercrime crackdown

A Home Office minister, Dan Jarvis, said the decision aims to show international cybercriminals “that the UK is united in the fight against ransomware.”

He said he aimed to

“smash the cybercriminal business model. By working in partnership with industry to advance these measures, we are sending a clear signal that the UK is united in the fight against ransomware.”

Officials said 75% of those consulted backed the proposal, adding that

“public sector bodies and some operators of critical national infrastructure, including the NHS, local councils and schools, would be banned from paying ransom demands to criminals.”

What did the Home Office say about ransom payments?

The Home Office stated,

“The government could then provide those businesses with advice and support, including notifying them if any such payment would risk breaking the law by sending money to sanctioned cybercriminal groups, many of whom are based in Russia.”

What did Alan Woodward say about UK ransom payments?

Ransomware gangs are estimated to have collected over $1bn (£741m) from victims around the world, according to industry figures. However, Alan Woodward, a leading expert at the Surrey Centre for Cyber Security, said some UK authorities typically do not pay ransoms.

According to him, the measures aim to send a strong message to international ransomware gangs, especially to LockBit and Evil Corp.

Mr Woodward added,

“Some of the criminals may not know this, and so communicating this could be valuable in that hackers will read that there is no point in attacking. I am not sure it will change anything in practice, but it puts everyone on notice so there can be no confusion.”

What did the consultation documents say about ransom payments?

The consultation documents stated,

“This type of crime only works if the potential victims are willing to pay the ransom that the gangs demand. Academic research suggests that criminals operating in this area will assess the level of ransom they can set, and the profit they will expect to make, against the probability that the victim will pay.”

What did Jonathon Ellison say about the ransomware threat?

Jonathon Ellison of the National Cyber Security Centre warned that ransomware “remains a serious and evolving threat,” urging some organisations to stay alert.

He added,

“These new measures help undermine the criminal ecosystem that is causing harm across our economy. All businesses should strengthen their defences using proven frameworks such as Cyber Essentials and our free Early Warning service, and be prepared to respond to incidents, recover quickly, and maintain continuity if the worst happens.”

Rebecca Lawrence’s stance on the cyberattack

Rebecca Lawrence, CEO of the British Library, said the institution was the “victim of a devastating ransomware attack in October 2023.”

She added,

“The attack destroyed our technology infrastructure and continues to impact our users, however, as a public body, we did not engage with the attackers or pay the ransom. Instead, we are committed to sharing our experiences to help protect other institutions affected by cyber crime and build collective resilience for the future.”

Major UK companies faced cyber attacks

M&S (Marks & Spencer)

  • Targeted by hackers in April 2023
  • Website shut down for six weeks
  • Estimated loss: £300 million
  • Suspected attackers: Scattered Spider and DragonForce

Co-op

  • Hit by a cyber attack
  • Had to shut off parts of its IT systems
  • Data breach: Personal data of 6.5 million members stolen
  • Data included names, addresses, and contact information

Co-op CEO Shirine Khoury-Haq backed the government’s proposals, warning that cyber attacks bring “first-hand damage and disruption” to both companies and communities.

Major types of cyber attacks

  • Malware Attacks 
  • Phishing Attacks 
  • Man-in-the-Middle Attacks
  • SQL Injection Attacks
  • Zero-Day Exploits
  • Cross-Site Scripting Attacks 
  • Password Attacks
  • Insider Threats 
  • DNS Spoofing 
  • Social Engineering Attacks
  • Ransomware Attacks 
  • Cryptojacking

Massimiliano  Verde

Massimiliano Verde is a journalist at Parliament News, He is covering Society and Culture News. Boasting a Master's Degree in Political Science, stands as a prominent figure in the Italian cultural landscape. His presidency of the Neapolitan Academy, a scientifically and sociolinguistically renowned group, attests to his relentless dedication to safeguarding and promoting Neapolitan language and culture. His activism and profound expertise have propelled him into the role of interlocutor for UNESCO as part of the International Decade of Indigenous Languages (2022-2032), a prestigious acknowledgment highlighting the significance of his efforts in preserving the linguistic and cultural diversity of our planet.

Verde's fervent passion for the history and culture of Southern Italy has driven him to immerse himself in research, resulting in numerous essays and articles that delve into the peculiarities and beauties of the region. His commitment extends beyond academia, manifesting in ongoing dissemination activities aimed at acquainting the general public with the rich cultural heritage of the South. His endeavors transcend national boundaries, as evidenced by his participation in international conferences and collaboration with various foreign institutions, rendering him an ambassador of Southern culture on the global stage and fostering intercultural dialogue and mutual understanding.