The UK government has launched a major attempt to crackdown on ransomware – as the particularly kind of cyber attack continues to threaten life in the country.
Ransomware sees hackers take over systems and then lock them down or steal data until a ransom is paid. Estimates suggest it costs the economy millions of pounds each year, and it has caused significant problems for key infrastructure including hospitals and libraries.
Now the government says it will try and tackle the threat posed by ransomware with a range of measures, including banning public sector bodies from paying ransoms to cyber criminals. That will make such cyber attacks less appealing to hackers and make the organisations less attractive targets, it said.
Any businesses not covered by the ban would be required to tell the government that they were intending to pay a ransom. That would allow the government to offer support and advice, including informing them whether the payment of a ransom could break the law by paying sanctioned cyber criminal groups, for instance
“Ransomware is a predatory crime that puts the public at risk, wrecks livelihoods and threatens the services we depend on," said Dan Jarvis, the security minister. “By working in partnership with industry to advance these measures, we are sending a clear signal that the UK is united in the fight against ransomware.”
The government also asked private organisations to strengthen their protections against such attacks. That includes keeping offline backups and conducting drills to ensure that companies could operate without IT, for instance.
Not preparing for such attacks can be deadly, the government noted, pointing to the recent discovery that a ransomware attack had contributed to a patient's death.
The plans have received support from organisations including the British Library, which is still recovering from a huge cyber attack, almost two years after it happened.
“The British Library, which holds one of the world’s most significant collections of human knowledge, was the victim of a devastating ransomware attack in October 2023," said Rebecca Lawrence, the chief executive of the British Library.
“The attack destroyed our technology infrastructure and continues to impact our users, however, as a public body, we did not engage with the attackers or pay the ransom. Instead, we are committed to sharing our experiences to help protect other institutions affected by cyber-crime and build collective resilience for the future.”
But the ban on payments has drawn criticism from others, who argue that it could hamper organisations who might have no other option than to offer a ransom.
“While banning organisations from providing ransomware payouts sounds good in theory, it is a disaster in practice," said Allie Mellen, principal analyst at Forrester.
“If an organisation is paying a ransom, it is because they have no other option, not because they want to. While it’s unfortunate that ransomware payouts happen, the better effort should be spent on supporting organisations in protecting against these kind of attacks. We absolutely recommend discouraging paying the ransom, but to ban it outright is unrealistic and detrimental to the organisations they look to protect.”
All Co-Op’s 6.5 million members had details stolen in cyber attack, boss confirms
Teen hackers behind M&S attack stole personal data of 5.7 million Qantas customers
Iranian hackers threaten to release treasure trove of White House emails
Inside Scattered Spider: The notorious teen hacking group causing chaos online
