Redazione RHC : 24 July 2025 08:13
The UK government has announced preparations for a radical measure to combat cybercrime: a ban on paying ransoms after ransomware attacks. The new ban applies to public sector organizations and critical infrastructure, including local authorities, schools, and the publicly funded National Health Service (NHS).
The move comes at a time when ransomware threatens to spread, causing tens of millions of pounds in economic losses each year and disrupting vital services. The government claims that by eliminating financial incentives for attackers, it aims to weaken the business model underlying cybercrime. This should make the government and socially relevant organizations less attractive targets for attacks.
According to the plan, if the initiative is adopted, all public institutions will be strictly prohibited from making payments to criminals. Private companies, which will not be directly affected by the ban, will be required to inform the government immediately if they intend to pay a ransom. They will also be required to check sanctions lists to ensure they are not illegally transferring funds to criminal groups.
In parallel, a mandatory reporting system is being developed for all organizations that have been victims of ransomware. The goal is to provide law enforcement with the data needed to monitor attacks and provide support to affected facilities. The new mechanism also includes closer interaction with industry partners and greater coordination as part of the so-called “Plan for Change” for the country’s cybersecurity reform.
The proposal follows a public consultation conducted in January, in which the government had already raised the issue of a payment ban and reporting requirements. It has received broad support from relevant agencies, including the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA), which consider ransomware to be the country’s main digital threat.
The situation is exacerbated by the fact that the UK has been the target of numerous large-scale attacks in recent years, including the shutdown at the National Health Service (NHS) and the British Library incident. In April 2025, the Marks & Spencer retail chain was added to the list. Attackers used the DragonForce ransomware to disable virtual machines on VMware ESXi servers, forcing the retailer to temporarily suspend online ordering and disrupting the operations of 1,400 stores.
Britain’s largest chains were also among the victims. Co-op confirmed a leak of data belonging to current and former loyalty program members. Harrods, for its part, was forced to restrict internet access to several internal resources after an attempted hack of the company network. All these cases have only strengthened the position of supporters of the ban and underlined how far-reaching the consequences of such attacks can be: from disruptions to logistics to direct threats to people’s lives.
If the measures are adopted, the United Kingdom will be one of the first countries to take such a drastic step to dismantle the ransomware ecosystem at the national level. However, the effectiveness of such decisions will largely depend on international coordination, as most cyber threats are transnational in nature.