UK Government Considers Nationwide Ban on Ransomware Payments by Critical Infrastructure Operators
The UK government has launched a consultation to assess the possibility of implementing a ban on ransomware payments for operators of critical national infrastructure.
The Home Office unveiled the proposal on January 14, suggesting a “targeted ban” that would encompass sectors such as energy, healthcare, and local councils, in addition to the existing prohibition for government departments.
Ransomware attackers frequently demand cryptocurrency as payment. Similar bans have been under consideration by other countries, including Australia and the United States, as a means to combat cybercriminal activities.
UK Plans to Cut Cybercriminal Funding for National Security
UK Security Minister Dan Jarvis stated that the proposal aims to boost national security by cutting off financial resources for cybercriminals.
“These proposals help us confront the scale of the ransomware threat, striking at the heart of these criminal networks by affecting their finances and severing the crucial financial pipeline they depend on,” Jarvis said.
The Home Office clarified that the proposed measures would make essential services less appealing targets for cyberattacks.
Other elements of the proposal involve establishing a framework to prevent ransomware payments by providing victims with guidance and mechanisms to block payments to known criminal groups and sanctioned entities.
Furthermore, a mandatory reporting system for ransomware incidents is being considered to enhance law enforcement’s capability to track and dismantle repeat offenders.
The consultation comes in the wake of a series of high-profile cyberattacks in the UK.
In January 2023, the Royal Mail fell victim to a ransomware attack that disrupted international shipping operations, while in August 2022, a breach at Advanced Computer Software Group exposed the personal data of nearly 83,000 individuals.
According to the Home Office, such incidents have had “devastating impacts” on public services.
The National Cyber Security Centre (NCSC) reported handling 430 cyber incidents in the year ending August 2024, including 13 attacks of national significance that caused severe harm to essential services or the economy.
The 2024 NCSC Annual Review identified ransomware attacks as the most immediate and disruptive cyber threat.
Notable incidents included a June 2024 attack on Synnovis, which led to delays in medical procedures, and an October attack on the British Library that compromised its online systems.
The consultation, set to conclude on April 8, underscores the global efforts to address ransomware threats.
Australia and the US have also explored bans on ransomware payments.
UK Introduces Crypto Legislation
In September, the UK government introduced a new bill aimed at clarifying the legal status of digital assets, including non-fungible tokens (NFTs), cryptocurrencies, and carbon credits, as “things” and “personal property” under the nation’s property laws.
The UK is among the countries that have strengthened regulatory efforts following several high-profile bankruptcies last year.
The Financial Conduct Authority (FCA) oversees crypto activities, focusing on anti-money laundering measures and consumer protection.
Last year, the FCA implemented new rules that require crypto firms to register with the financial regulator and have their marketing materials approved by an FCA-authorized firm.
Key updates include a requirement for exchanges to provide clear warnings to customers about the risks associated with crypto investments.
The FCA has warned that failure to comply can result in criminal charges, including unlimited fines and up to two years’ imprisonment, for domestic and overseas exchanges operating in the UK.