UK gov to ban public sector bodies from paying ransom to cybercriminals

The UK government plans to ban public sector bodies from paying ransom to hackers.

The ban would aim to make vital public services a less attractive target for crooks and hit their core business model. Under the new measure, public bodies, including the state-run health service, local councils, and schools, would be banned from paying ransom.

In turn, private companies will be expected to inform authorities if they wish to give in to cybercriminals’ demands. Authorities could then provide them with advice and support, as well as inform them whether any such payment falls under illegal activity due to sanctions (since many ransomware groups operate from Russia).

The new package of measures, announced by the Home Office security minister, Dan Jarvis, on Tuesday, aims to show “that the UK is united in the fight against ransomware”.

“Ransomware is a predatory crime that puts the public at risk, wrecks livelihoods and threatens the services we depend on,” he said.

“That’s why we’re determined to smash the cyber criminal business model and protect the services we all rely on as we deliver our Plan for Change.

“By working in partnership with industry to advance these measures, we are sending a clear signal that the UK is united in the fight against ransomware.”

All organizations are also encouraged to strengthen their defences to prevent cyberattacks and improve their ability to continue operations even if they occur.

Ransomware is a malicious software that encrypts the victim’s files and demands a ransom to decrypt them, typically in some type of cryptocurrency. This June, a crippling ransomware attack on Synnovis, the primary pathology lab provider for the National Health Service (NHS) London region, severely disrupted services at five major hospitals.

According to Sophos, the average total cost of recovery for UK organisations after a ransomware attack jumped to $2.58 million, compared to $2.07 million the year before. But the overall recovery time has improved significantly, with 59% of UK businesses reporting full recovery within a week, up from 38% last year.