UK Plans to Ban Public Sector Bodies From Paying Ransom to Cyber Criminals
Britain plans to ban public sector bodies and operators of critical national infrastructure, including the state-run health service, local councils and schools, from paying ransom demands to cyber criminals, it said on Tuesday.
“We’re determined to smash the cyber criminal business model and protect the services we all rely on,” security minister Dan Jarvis said in a statement. “We are sending a clear signal that the UK is united in the fight against ransomware.”
Ransomware, which is malicious software used by criminals to access victims’ computer systems, encrypt data, or steal information and hold it hostage until a ransom is paid, is estimated to cost the economy millions of pounds each year, the statement said.
The recent attacks highlight “the severe operational, financial, and even life-threatening risks,” it said. The package of measures includes a ransomware payment prevention regime for victims of ransomware attacks and a ransomware incident reporting regime.
A more recent attack on the NHS was cited as one of the factors that contributed to a patient’s death, according to the statement. A slew of attacks on British retailers from Marks & Spencer to Co-op Group have also shaken public confidence this year.
Under the proposals, businesses not covered by the planned ban would be required to notify the government of any intent to pay a ransom, so they can be provided with advice and support, while mandatory reporting is also being developed to equip law enforcement with essential intelligence to deal with perpetrators and disrupt their activities.
(Reporting by Muvija M in London; Editing by Nia Williams)