UK Considering Targeted Ban on Ransomware Payments

Writing in Cointelegraph, an online publication that covers and promotes the world of cryptocurrency, Stephen Katte reports that the UK has launched a “consultation” to consider a policy that would forbid entities deemed part of critical national infrastructure from making ransomware payments.

Many ransomware attackers demand a cryptocurrency payoff. In the UK, a consultation is a formal process by which a government department or public body solicits public input on a policy under consideration.

The UK Home Office initiated this consultation, which will consider a ban on ransomware payments for all public sector bodies and critical national infrastructure, including energy, health services, and local councils. It would expand an existing ban on government departments. 

Critical infrastructure in the UK has suffered significant cyberattacks, including a 2023 attack on the Royal Mail that halted international shipping through its offices.

For the year ending August 2024, the UK’s National Cyber Security Centre reports managing 430 cyber incidents, including 13 that “posed serious harm to essential services or the wider economy.”

The article quotes UK Security Minister Dan Jarvis, who says the proposed ban aims to protect national security by hitting criminal networks “in their wallets and cutting off the key financial pipeline they rely upon to operate.”

The proposal also includes the establishment of a mandatory reporting regime to help law enforcement agencies target ransomware gangs.

Other countries have also considered banning ransomware payments, notably Australia and the US, in 2023.