‘Vladimir Putin’s hacking squads won’t get payouts for striking in UK’ vow

Exclusive:

Security Minister Dan Jarvis told The Mirror that cyber-criminals protected by Vladimir Putin are among the most serious threats facing the UK and vowed: ‘We must tackle it head on’

The UK’s Security Minister has vowed not to let Vladimir Putin’s hackers hold firms and public services to ransom.

Dan Jarvis said Russian cyber crime gangs behind attacks on the NHS, Royal Mail and the British Library are among “the most serious threats” facing the country. He said: “We must tackle it head on”.

The Government has announced a string of plans to prevent damaging ransomware strikes piling millions of pounds of misery on businesses and public bodies. These strikes see criminals infect computers with viruses and demand payment for data to be restored.

Ministers plan to ban schools, councils and other public bodies from paying criminals. A new law making it mandatory to report all ransomware cases is also in the pipeline.

Mr Jarvis told The Mirror the UK will be the first in the world to bring in such laws – meaning cyber criminals will “get nothing in return” if they strike. He said: “We cannot allow Russian cyber crime gangs operating under Vladimir Putin’s protection to hold our essential public services and biggest companies to ransom. This is one of the most serious security threats facing the UK today, and we must tackle it head on.

“That means placing a total ban on ransom payments by our public bodies and critical national infrastructure, and asking business to work with us to dismantle these cyber gangs, instead of paying them off. We want to be the first government in the world to tell the ransomware criminals: if you target our country, you will get nothing in return, except the full weight of our law enforcement targeting you back.”

The National Cyber Security Centre (NCSC) dealt with 13 “nationally significant” ransomware cases from September 2023 to August last year. These included a strike by Russian hacking group Rhysida on the National Library in October 2023.

The group demanded nearly £600,000, which the library refused to pay. The hackers snatched a number of sensitive files, later publishing tens of thousands on the dark web.

Other high-profile cases include an attack in January 2023 that caused huge disruption to Royal Mail deliveries overseas. That attack was also linked to Russian criminals.

At the moment Government departments are forbidden from making payments after ransomware attacks, but the proposals would see this extended to all public bodies. A Home Office-led consultation will run until April 8.