Currently, all central government departments are banned from paying cybercriminals to decrypt their data or to prevent it from being leaked. The ban aims to protect the services and infrastructure that the British public rely on from financial and operational disruption.
The health sector is classified as CNI, so blocking ransomware payments could affect patient care. According to Bloomberg, the attack on pathology company Synnovis last June caused months of disruption to the NHS, resulting in dozens of patients being harmed, in at least two cases with long-term or permanent damage.
Organizations would also have to report ransomware attacks within 72 hours.
On top of the ban, the proposed legislation would make it mandatory for organizations to report ransomware attacks within 72 hours of becoming aware of them. This is so that law enforcement agencies stay up to date on who is being targeted and how, helping them investigate organized crime groups and enabling them to publish useful guidance.
The Home Office also wants to establish a ransomware payment prevention regime, including guidance for businesses on how to respond to the threat and criminal penalties for payments that are not reported. It is hoped that this will increase the National Crime Agency's awareness of attacks and, in particular, reduce the number of payments made to hackers in exchange for not leaking stolen data.
On 14 January, the Home Office launched a consultation on these three proposals, which will run until 8 April. Ultimately, the aim is to reduce the amount of money criminals extract from UK companies and to improve understanding of the changing ransomware landscape to aid prevention and disruption efforts.
“These proposals help us address the scale of the ransomware threat, hit these criminal networks in their wallets and cut off the critical financial pipeline they depend on to operate,” Security Minister Dan Jarvis said in a press release.
The proposed approach to improving the nation’s cybersecurity appears to echo that of the U.S. federal government, which mandates compliance with its own cybersecurity measures for federal agencies and regulated industries in the hope that other businesses will voluntarily follow suit.
A blanket ban could disproportionately affect small businesses and non-core sectors.
In the documents outlining the proposals, the Home Office acknowledges the potential for the legislation to have a disproportionate impact on small and micro businesses “who cannot afford specialist ransomware insurance, or specialist clean-up.”
These SMBs would have less staff capacity during an attack to engage with the government and meet reporting deadlines. As a result, they may feel that the only way to keep their business running is to pay to decrypt the data.
Alejandro Rivas Vasquez, global head of digital forensics and incident response at security firm NCC Group, said in a statement that the blanket rule could create “unfair and administrative burdens that become complex and unmanageable” for small businesses.
He said: “Rather than a one-size-fits-all approach, we would recommend that the Government explore a less burdensome liability that can be applied to small businesses, rather than punitive measures. The focus should be on incentivizing them to improve their security position.”
Vasquez added that applying the ban only to public sector entities and CNI could affect other industries. “A blanket ban could target sectors that are not covered by the ban, such as manufacturing,” he said. Manufacturing was the second most targeted industry for ransomware last year, after services, and saw a 71% year-over-year increase.
Additionally, the legislation would not deter attackers who are motivated by factors other than money. As Vasquez said: “In geopolitically motivated attacks, which can be launched by nation-states, ransomware is a means to disrupt critical national infrastructure and steal sensitive data – money is not the goal. Banning payments to prevent such attacks would be pointless – hackers will already have the data they need.”
UK cyber threats ‘vastly underestimated’
In December, the head of Britain’s National Cyber Security Centre, Richard Horne, warned that the cyber threats facing the country were “widely underestimated.” Hostile activity has “increased in frequency, sophistication and intensity,” much of it from actors in Russia and China, he said.
According to the NCSC Annual Review 2024, the agency handled 430 incidents over the year, up from 371 in 2023. Of those, 13 were “nationally significant” ransomware incidents that threatened essential services or the broader economy.
The report identified ransomware as the most serious threat to UK organizations, particularly in education, manufacturing, IT, legal services, charities and construction.
According to the NCSC, the spread of generative AI is increasing exposure to ransomware by providing “capability enhancements” to attackers. Less skilled attackers can use it to generate social engineering content, analyze leaked data, write code and support espionage, which lowers the barrier to entry.