UK Government Considers Nationwide Ban on Ransomware Payments by Critical Infrastructure Operators
The UK government has initiated a consultation to evaluate a potential ban on ransomware payments for operators of critical national infrastructure.
The proposal, unveiled by the Home Office on January 14, suggests a “targeted ban” to include sectors such as energy, healthcare, and local councils, expanding on the existing prohibition for government departments.
Ransomware attackers often demand cryptocurrency as payment. Similar bans have been considered by other nations, including Australia and the United States, as a measure to curb cybercriminal activities.
UK Plans to Cut Cybercriminal Funding for National Security
UK Security Minister Dan Jarvis said the proposal aims to bolster national security by cutting off financial resources for cybercriminals.
“These proposals help us meet the scale of the ransomware threat, hitting these criminal networks in their wallets and cutting off the key financial pipeline they rely upon to operate,” Jarvis stated.
The Home Office clarified that the proposed measures would make essential services less attractive targets for cyberattacks.
Additional elements of the proposal include establishing a regime to prevent ransomware payments by providing victims with guidance and mechanisms to block payments to known criminal groups and sanctioned entities.
A mandatory reporting framework for ransomware incidents is also under consideration to enhance law enforcement’s ability to track and dismantle repeat offenders.
The consultation follows a series of high-profile cyberattacks in the UK.
In January 2023, the Royal Mail suffered a ransomware attack that disrupted international shipping operations, while an August 2022 breach at Advanced Computer Software Group exposed the personal data of nearly 83,000 individuals.
According to the Home Office, such incidents have had “devastating impacts” on public services.
Ransomware attacks threaten our national security & damage our economy.
We’re taking action to deter the cyber criminals responsible by disrupting & defeating their business models.
Our aim is simple: defend our national security & economic prosperity. pic.twitter.com/8DFrXtYlfI
— Dan Jarvis MP (@DanJarvisMBE) January 14, 2025
The National Cyber Security Centre (NCSC) reported managing 430 cyber incidents in the year ending August 2024, including 13 nationally significant attacks that caused severe harm to essential services or the economy.
The 2024 NCSC Annual Review identified ransomware attacks as the most immediate and disruptive cyber threat.
Notable incidents included a June 2024 attack on Synnovis, which delayed medical procedures, and an October attack on the British Library that compromised its online systems.
The consultation, set to run until April 8, underscores the growing global effort to address ransomware threats.
Australia and the U.S. have similarly explored bans on ransomware payments.
UK Introduces Crypto Legislation
In September, the UK government introduced a new bill aimed at clarifying the status of digital assets, including non-fungible tokens (NFTs), cryptocurrencies, and carbon credits, as “things” and “personal property” under the nation’s property laws.
The UK has been among the countries that have ramped up regulatory efforts following some high-profile bankruptcies last year.
The Financial Conduct Authority (FCA) oversees crypto activities, focusing on anti-money laundering measures and consumer protection.
Last year, the FCA implemented new rules that require crypto firms to register with the financial regulator and have their marketing materials approved by an FCA-authorized firm.
Key updates include exchanges providing clear warnings to customers about the risks associated with crypto investments.
The FCA has warned that failure to comply can result in criminal charges, including unlimited fines and up to two years’ imprisonment, for domestic and overseas exchanges operating in the UK.
Source: cryptonews.com
