UK Govt Set To Expand Ransomware Payment Ban

Text size

The UK government said on Tuesday it would consult on proposals to ban bodies running essential public services and critical national infrastructure from making ransomware payments.

The ban would aim to cut the flow of ransom payments to organised cybercrime groups as well boost intelligence gathering to target and disrupt them, the government’s Home Office said.

Attacks were “largely by Russian-affiliated criminal gangs” and posed “the most immediate and disruptive threat to the UK’s critical infrastructure”, according to the National Cyber Security Centre’s 2024 annual review.

A ransomware attack last June led to major disruption at London hospitals.

Security Minister Dan Jarvis said the initiative would “help us meet the scale of the ransomware threat, hitting these criminal networks in their wallets and cutting off the key financial pipeline they rely on to operate”.

Ransomware criminals were estimated to have raked in $1 billion globally in 2023, he added.

Under the proposals, bodies including the state-funded National Health Service (NHS), local councils and schools would be banned from making ransomware payments.

A ban already applies to government departments.

There would also be a mandatory reporting regime for ransomware incidents to bring the crime “out of the shadows” and assist investigators, the Home Office said.

Officials said last year an international operation led by UK and US law enforcement had severely disrupted “the world’s most harmful cybercrime group”, the Russian-linked ransomware specialist LockBit.

LockBit and its affiliates had targeted governments, major companies, schools and hospitals, causing billions of dollars of damage and extracting tens of millions in ransoms from victims.

Those targeted included Britain’s Royal Mail, US aircraft manufacturer Boeing, and a Canadian children’s hospital.

In January 2023, US law enforcers shut down the Hive ransomware operation which extorted some $100 million from more than 1,500 victims worldwide.

In June 2023, a cyberattack on service supplier Synnovis particularly hit blood transfusions, and hundreds of appointments and operations were cancelled at two of the UK’s biggest hospitals — King’s College Hospital and Guy’s and St Thomas’ in the centre of the British capital.

har/jkb/rl