Paying ransoms to cyber criminals will be banned under a Government crackdown that aims to deter gangs from targeting the UK.

All public bodies using state money and providers of critical infrastructure such as roads, rail, electricity and water will be banned from making ransomware payments.

Private companies and institutions hit by “ransomware” attacks will be required to tell law enforcement before they make any payments.

The Government will then take powers to block them from doing so if there is a risk that terrorist groups, sanctioned criminals or hostile states such as Russia and North Korea could benefit.

Organisations that fail to tell the Government could face criminal or civil sanctions under the proposals, which will go out for consultation on Tuesday.

In an article for The Telegraph, Dan Jarvis, the security minister, said the aim was to “prevent them inadvertently paying money over to banned groups in breach of sanctions regulations”.

The former army commander and paratrooper said the move harked back to his own experience as a soldier, where he saw the practice of hostage-taking develop from a sporadic threat to a routine feature of conflicts in Iraq and Afghanistan.

“For the personnel in my units, and our families back home, that also required us to think through what it would mean to be taken captive, and how our government would respond. This includes the inescapable fact that under no circumstances would any ransom demands be met,” he said.

“We knew this, and accepted it, because of another equally inescapable fact. That any time a militia or terror group succeeded in its ransom demands, the only guaranteed outcome was that they would take even more hostages, and make even bigger demands, next time round.”

He said that in his current ministerial role, this “different kind of ransom threat” sees the “thought process of the ‘hostage-takers’ follow exactly the same lines”, adding that, as a result, the Government’s response must do the same.

Three-quarters of businesses affected in 2021

The Home Office is also proposing to require all victims of ransomware incidents to report any attacks to the authorities to help develop comprehensive intelligence on the threat.

The National Cyber Security Centre (NCSC) managed 430 cyber incidents between September 2023 and August 2024, including 13 ransomware attacks. They included a key supplier to London Hospitals and Royal Mail.

According to the crime survey for England and Wales, almost a million (952,000) computer misuse offences were committed against individuals in the two countries in the year ending June 2024.

In ransomware attacks, hackers encrypt data and demand a ransom in order to decrypt the information.

Previous research has suggested that as many as eight in ten British firms that fell victim to ransomware attacks paid the hackers in order to retrieve their information.

JBS Foods and Colonial Pipeline are firms that have reportedly paid a ransom to get their systems working again.

Research by security firm Proofpoint found that more than three-quarters of UK businesses were affected by ransomware in 2021.

It also suggested that paying hackers is not an effective tactic, with only half of firms surveyed regaining access to data and systems after the payment, with criminals demanding more money.


By Dan Jarvis

Over the time I served in Iraq and Afghanistan, I saw the practice of hostage-taking develop from a sporadic threat to a horrifyingly routine feature of those conflicts.

For the personnel in my units, and our families back home, that also required us to think through what it would mean to be taken captive, and how our government would respond. This includes the inescapable fact that under no circumstances would any ransom demands be met.  

We knew this, and accepted it, because of another equally inescapable fact. That any time a militia or terror group succeeded in its ransom demands, the only guaranteed outcome was that they would take even more hostages, and make even bigger demands, next time round.

Now, in my current role as security minister, I have to deal every day with a different kind of ransom threat, but one where the thought process of the ‘hostage-takers’ follows exactly the same lines, and, I believe, the response of government must do the same.

Right now, and relentlessly all year round, Russian affiliated cyber-crime gangs are seeking to disrupt the functioning of our country’s critical national infrastructure, from our transport and communication networks to our power stations and emergency services, and hijacking the computer systems of the UK’s biggest corporations.

This impacts both our economy and our national security, two of the key foundations upon which this Government’s Plan For Change is built.

Across the world, this is a highly sophisticated, highly profitable criminal industry worth at least $1 billion, operating at the cutting edge of the technology required to circumvent modern anti-hacking software. And while the individual targets of their attacks can often appear entirely random and indiscriminate, that is never the full picture.

After all, when an individual hospital in one part of the UK suddenly has its computer system paralysed, that is not because they have done anything to offend Vladimir Putin or the crime bosses who operate under his protection; it is simply because theirs was the vulnerability that a cyber-gang was able to exploit that day, among hundreds of other facilities they have tried to infiltrate.

The only common denominator linking all these attacks – the driving force behind the entire criminal ransomware industry – is money. The attempt to find a victim willing to pay what is demanded in the often vain hope of having their systems restored, or their hacked files returned.

Let’s be clear – we are not placing blame on victims who pay today or may do in the future. They are facing an unenviably difficult choice, and it is the criminals who are inflicting this pain on our economy and businesses.

The financial logic of the cyber-gangs dictates that the wealthier the company they are attacking, or the more critical the public service, the more likely they are to pay up. But I am absolutely determined that Britain will become the first country in the world to upend that business model.

The proposals the Home Office is publishing today would take three crucial steps.

First, we propose to institute an outright ban on all public bodies using public money and providers of critical national infrastructure from making ransomware payments, extending the current ban that applies to central government departments.
The criminal gangs will be told definitively that – however much time and money they spend trying to breach our cyber-security defences – they will get nothing in return, as a point of British law.

Second, we propose to make it mandatory for corporations and institutions in the UK to inform law enforcement before they make any payments of their own, so we can advise them of their alternative options where appropriate, and prevent them inadvertently paying money over to banned groups in breach of sanctions regulations.

And third, we will ask all victims of ransomware attacks to report them to the authorities, so we can expand our intelligence picture on new and emerging threats, and further our investigations against the criminal networks that we are currently working to take down.

We can be rightly proud of the role our National Crime Agency has played in recent years in helping to dismantle the Russian-affiliated cyber-crime syndicates, and the data we gather from future attacks will help them pursue the new gangs which are taking their place.

These proposals represent an entirely new direction for our country in seeking to tackle ransomware attacks, but one consistent with this Government’s approach across a range of criminal threats.

Whether it is car crime, where we want to design out the risks of motorists having their vehicles broken into or stolen, or people-smuggling across the Channel, where we are disrupting the trafficking networks and their supply chains at source, the same essential principle applies: the best defence against any organised crime is the destruction of its business model.

And that is the inescapable fact when it comes to ransomware. We will only stop these attacks when we make clear that there is no profit to be had from targeting our country, and that we will bring down the full weight of British law enforcement on anyone who tries.
