This article is from the source 'guardian'.

You can find the current article at its original source at https://www.theguardian.com/technology/2025/jul/22/uk-government-to-ban-public-bodies-from-paying-ransoms-to-hackers

The article has changed 3 times.

UK government to ban public bodies from paying ransoms to hackers
Measure intended to send message to international cybercriminals ‘that the UK is united in fight against ransomware’
The UK government is planning to ban public bodies from paying ransoms to computer hackers, and private companies will be required to inform authorities if they plan to cave in to cash demands.
The stance, announced on Tuesday by the Home Office security minister, Dan Jarvis, is intended to send a message to international cybercriminals “that the UK is united in the fight against ransomware”. It follows crippling ransomware attacks on the British Library in 2023 and NHS hospitals in London last summer.
The government said almost three-quarters of responses to a consultation backed the proposal and that “public sector bodies and operators of critical national infrastructure, including the NHS, local councils and schools, would be banned from paying ransom demands to criminals”.
Industry estimates suggest ransomware criminals received more than $1bn (£741m) from their victims globally in 2023. But Alan Woodward, a leading computer security expert at the Surrey Centre for Cyber Security, said UK public authorities are not known to pay ransoms.
He said the latest measures appeared aimed at signalling the refusal to pay more clearly to hackers around the world, which include regular offender networks like LockBit and Evil Corp.
“Some of the criminals may not know this and so communicating this could be valuable in that hackers will read that there is no point in attacking,” Woodward said. “I am not sure it will change anything in practice, but it puts everyone on notice so there can be no confusion.”
Businesses not covered by the ban on public sector ransoms would be required to notify the government of any intent to meet hackers’ demands for cash.
The Home Office said: “The government could then provide those businesses with advice and support, including notifying them if any such payment would risk breaking the law by sending money to sanctioned cybercriminal groups, many of whom are based in Russia.”
Jarvis said he wanted to “smash the cybercriminal business model”. “By working in partnership with industry to advance these measures, we are sending a clear signal that the UK is united in the fight against ransomware,” he said.
The consultation documents said: “This type of crime only works if the potential victims are willing to pay the ransom that the gangs demand. Academic research suggests that criminals operating in this area will assess the level of ransom they can set, and the profit they will expect to make, against the probability that the victim will pay.”
Jonathon Ellison, director of national resilience at the National Cyber Security Centre, said ransomware “remains a serious and evolving threat, and organisations must not become complacent”.
“These new measures help undermine the criminal ecosystem that is causing harm across our economy,” he said. “All businesses should strengthen their defences using proven frameworks such as Cyber Essentials and our free Early Warning service, and be prepared to respond to incidents, recover quickly, and maintain continuity if the worst happens.”