Businesses in the UK are set to be protected by a new ransomware ban intended to address the threat of cybercrime, which is estimated to cost the UK economy billions of pounds every year. The proposed legislation follows a series of serious ransomware attacks on the National Health Service (NHS), the British Library and the Royal Mail, which caused severe disruption and cost millions of pounds to recover from. The intention is to make public sector and infrastructure organizations less appealing targets for ransomware gangs.
Ransomware is malicious software which infects a victim’s computer and demands a ransom from them to give them back access to their system, for their data to be restored, and often for the hackers not to publish the victim’s data on the web. Aiming to undermine the cybercriminal business model and protect UK businesses by deterring threats, proposals include banning all public sector bodies and critical national infrastructure, including the NHS, local councils, and schools, from making ransomware payments, in order to make them unattractive targets for criminals. This is an expansion of the current ban on payments by government departments.
In a crackdown on such cyber-attacks, operators of critical national infrastructure will be barred from bowing to demands when criminal gangs hold IT systems hostage. Payouts by private companies will have to be reported to the government and could be blocked if they are made to sanctioned groups or foreign states. Reporting ransomware attacks will also be made mandatory if the proposals become law. The ban will also apply to critical national infrastructure such as energy and transport networks. Government departments are already banned from paying ransomware gangs.
The proposals also include a new payment prevention regime, under which victims not covered by the ban will be required to report their intention to pay to the government. The payment will then be assessed, and the government will have the power to block it.
These measures appear to have widespread industry support. According to Mike Kiser, Director of Strategy & Standards at SailPoint, "Ransom payments should be banned: increasing payouts mean a corresponding rise in malicious activity. However, as soon as laws are passed to ban ransom payments, an underground market is likely to arrive, resulting in a hidden economic system. Who is then held responsible for violating the laws: is it the corporate entity, or the fault of the security executive? The time for action to mitigate the rise of ransomware is now. But as with so many other elements of life, prevention is better than cure."
Technology exists to protect these government organizations, but many NHS trusts and councils are still using older IT infrastructures that are typically more vulnerable to attack. Simon Jelley, VP and GM Data Protection at Arctera commented, "This new no-pay mandate will need to come with a strong wraparound package of guidance and financial support to ensure that government organizations have expertise and tools to simply achieve true resilience.”
Paying ransom is officially discouraged by UK authorities but is not illegal, depending on who is being paid. It has been illegal for some time to pay a ransom if the victim suspects that the proceeds are going to a terrorist organization.
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122