UK Bans Public Sector from Paying Ransomware Gangs
The UK government has announced a comprehensive ban preventing public sector organizations from paying ransom demands to cybercriminals, marking a significant escalation in the fight against ransomware attacks that cost the British economy millions of pounds annually.
The new measures will prohibit NHS trusts, local councils, schools, and other critical national infrastructure operators from making ransom payments to criminal groups.
Nearly three-quarters of consultation respondents supported the proposal, which aims to disrupt the business model that makes ransomware attacks profitable for cybercriminals.
Targeting Criminal Business Models
“Ransomware is a predatory crime that puts the public at risk, wrecks livelihoods and threatens the services we depend on,” said Security Minister Dan Jarvis. “That’s why we’re determined to smash the cyber criminal business model and protect the services we all rely on as we deliver our Plan for Change.”
The ban specifically targets the financial incentive structure that fuels ransomware operations, making vital public services less attractive targets for criminal groups.
Many of these cybercriminal organizations operate from Russia and other sanctioned territories, meaning ransom payments could potentially violate international sanctions.
While public sector organizations face an outright ban, private businesses will be required to notify the government before making any ransom payments.
This notification system will enable authorities to provide guidance and support, including warnings about payments that might breach sanctions laws by funding criminal groups in sanctioned countries.
The government is also developing mandatory reporting requirements that will provide law enforcement with crucial intelligence to track down perpetrators and disrupt their operations.
Consultation responses showed strong support for enhanced reporting regimes to better protect British organizations.
Recent high-profile attacks have demonstrated the devastating consequences of ransomware. The British Library suffered a catastrophic attack in October 2023 that destroyed its technology infrastructure and continues to impact users.
Chief Executive Rebecca Lawrence confirmed the institution refused to engage with attackers or pay ransoms.
More alarmingly, an NHS organization recently identified a ransomware attack as a contributing factor in a patient’s death, highlighting the life-threatening potential of these cyber assaults.
Major retailers including Co-op have also fallen victim to ransomware attacks, disrupting essential services across the country.
Beyond the payment ban, the government continues urging organizations to strengthen their cyber defenses through offline backups, tested operational plans, and well-rehearsed system restoration strategies.
The National Cyber Security Centre recommends frameworks such as Cyber Essentials and its free Early Warning service to help organizations prepare for potential attacks.
Co-op CEO Shirine Khoury-Haq welcomed the government’s focus, stating: “What matters most is learning, building resilience, and supporting each other to prevent future harm. This is a step in the right direction for building a safer digital future.”
These measures represent part of the government’s broader Plan for Change to defend businesses, services, and infrastructure against evolving cyber threats while better protecting the British public.