The UK government is set to consult on proposals to protect hospitals, railways and public services from ransomware attacks.

Ransomware attacks are estimated to cost the UK economy billions of pounds every year.

These attacks involve malicious software which infects a victim’s computer and demands a ransom from them to give them back access to their system, for their data to be restored, and often for the hackers not to publish the victim’s data on the web.

Aiming to strike at the heart of the cybercriminal business model and protect UK businesses by deterring threats, proposals include banning all public sector bodies and critical national infrastructure, including the NHS, local councils, and schools, from making ransomware payments, in order to make them unattractive targets for criminals.

This is an expansion of the current ban on payments by government departments.

Protecting UK industry and saving costs

The new proposals will make it mandatory to report ransomware incidents, boost the intelligence available to law enforcement, and help them disrupt more incidents.

They will also help the government deliver on its Plan for Change by protecting the public services and infrastructure people rely on from disruption and huge costs.

Security Minister Dan Jarvis explained: “With an estimated $1bn flowing to ransomware criminals globally in 2023, it is vital we act to protect national security as a key foundation upon which this government’s Plan for Change is built.

“These proposals help us meet the scale of the ransomware threat, hitting these criminal networks in their wallets and cutting off the key financial pipeline they rely upon to operate.”

He added: “Today marks the beginning of a vital step forward to protect the UK economy and keep businesses and jobs safe.”

How ransomware attacks disrupt our critical infrastructure

Carried out largely by criminal gangs, ransomware attacks continue to pose the most immediate and disruptive threat to the UK’s critical national infrastructure, according to the National Cyber Security Centre’s (NCSC) Annual Review 2024.

Additionally, they also cause more disruption and pose a greater risk than other cybercrimes.

Recent cyberattacks have included a key supplier to London Hospitals and Royal Mail, with devastating impacts on the public.

The Home Office-led consultation will consider three proposals to protect this infrastructure. They are:

1. A targeted ban on ransomware payments for all public sector bodies and critical national infrastructure – expanding the existing ban on ransomware payments by government departments and making the essential services the country relies on the most unattractive targets for ransomware crime.
2. A ransomware payment prevention regime – increasing the National Crime Agency’s (NCA) awareness of live attacks and criminal ransom demands, providing victims with advice and guidance before they decide how to respond, and enabling payments to known criminal groups and sanctioned entities to be blocked.
3. A mandatory reporting regime for ransomware incidents – bringing ransomware out of the shadows and maximising the intelligence used by UK law enforcement agencies to warn of emerging ransomware threats and target their investigations on the most prolific and damaging organised ransomware groups.

Phasing out cybercrime one step at a time

The NCSC managed 430 cyber incidents between September 2023 and August 2024, including 13 ransomware incidents which were deemed to be nationally significant and posed serious harm to essential services or the wider economy.

Reporting to the NCA indicates the number of UK victims appearing on ransomware data leak sites has also doubled since 2022.

The Crime Survey for England and Wales also estimates that almost a million (952,000) computer misuse offences were committed against individuals in England and Wales in the year ending June 2024, and new polling shows that 84% and 72% of the UK public are concerned about the threat of ransomware to UK infrastructure and businesses respectively.

The government’s proposals set out necessary action to protect UK consumers, businesses, infrastructure and public services against the threat or ransomware attacks.

The measures form part of a wider push across government to improve the UK’s defences against cyber threats and protect the UK’s critical infrastructure and essential services.

The new regime would support recent operations such as the successful Operation Cronos, the NCA-led global collaboration to disrupt LockBit, one of the most dangerous cybercrime networks in the world.

It also follows international action to tackle the threat of cybercrime through the UK-led Counter Ransomware Initiative (CRI) guidance published in September 2024 to boost global ransomware resilience, which was supported by 40 CRI members and eight global insurance bodies.

The most recent joint action in October 2024 by the UK, USA and Australia led to the sanction of 16 individuals linked to the Evil Corp and LockBit cyber gangs.