Home Office Consultation Addresses Ransomware Threats and Strengthens Cybersecurity Resilience

The UK Home Office has launched a consultation on legislative measures to combat ransomware. Proposals include mandatory reporting, payment restrictions, and increased intelligence sharing, aiming to disrupt cybercriminal operations and protect vital public and private sector organisations.

UK government seeks public input on tackling ransomware and reducing criminal profits

The UK government has announced proposals aimed at combating ransomware, a cybercrime that has become a pressing threat to national security and businesses alike.

With incidents escalating in sophistication and frequency, the Home Office is consulting on legislative measures designed to undercut the profitability of ransomware operations, enhance intelligence gathering, and bolster resilience across all sectors.

Ransomware: proposals to increase incident reporting and reduce payments to criminals
The government is consulting on proposals to reduce the threat posed by the criminal infection of computer systems with malicious ‘ransomware’ software.

The Threat of Ransomware: A Growing Concern

Ransomware attacks, where malicious software locks or threatens to publish a victim's data unless a ransom is paid, are now the leading form of organised cybercrime in the UK.

According to the National Cyber Security Centre (NCSC), these attacks often target critical infrastructure and essential services. High-profile incidents, such as the disruption of NHS services and the collapse of prominent businesses like KNP Logistics Group, underline the urgent need for action.

The financial toll is staggering. In 2023 alone, ransomware groups were estimated to have extorted over $1 billion globally.

Domestically, businesses such as Capita and the British Library suffered significant financial and operational losses, with Capita alone reporting costs between £15 million and £20 million following an attack.

Beyond the monetary damage, these incidents disrupt lives, from cancelled surgeries to compromised personal data.

The experiences and impact of ransomware attacks on victims
This report presents findings from in-depth qualitative interviews on the experiences and impact of ransomware attacks on individuals and organisations.

Proposed Legislative Actions

The UK Home Office consultation proposes several legislative measures to combat the growing threat of ransomware, with a focus on disrupting criminal operations and protecting organisations.

These measures aim to reshape how ransomware incidents are managed and reported. They are:

A Complete Ban on Payments

One of the most impactful proposals is a total ban on ransomware payments. This approach is designed to undercut the financial incentive driving ransomware attacks, discouraging criminals from targeting UK organisations.

By eliminating the option to pay ransoms, the government hopes to disrupt the business model of ransomware groups. However, this intervention is not without challenges.

Critics point out that banning payments could leave victims in a vulnerable position, particularly organisations lacking robust incident response plans.

Without alternative support mechanisms or clear guidance on managing such situations, victims might face extended downtime, data loss, or reputational damage.

Targeted Restrictions

To balance effectiveness and feasibility, the government is considering focused payment restrictions for critical national infrastructure (CNI) and public sector organisations.

These entities often hold sensitive or essential data and are prime targets for ransomware attacks.

The government aims to prioritise safeguarding the most vital systems while avoiding undue burdens on smaller entities that might struggle to comply with broader restrictions.

Mandatory Reporting

Another key proposal is mandatory reporting of ransomware incidents or intended payments. This measure would require organisations to notify law enforcement or relevant authorities before making any payments.

By collecting and analysing this intelligence, agencies could better understand the ransomware payment landscape, identify patterns, and track the operations of ransomware groups.

Increased reporting would not only enhance investigative efforts but also provide a clearer picture of the scale and nature of ransomware activity in the UK, informing future interventions and policies.

Why This Is Important

The impact of ransomware extends far beyond its immediate victims. Research suggests that a significant portion of ransom payments flows through cryptocurrencies, complicating efforts to track and intercept funds.

Moreover, stolen data often ends up on illicit marketplaces, fuelling further criminal activity, from identity theft to fraudulent transactions.

In addition, public confidence is at stake. Polling reveals that nearly three-quarters of the UK population are concerned about ransomware, with many believing that paying ransoms only perpetuates the problem.

The Home Office sees this as an opportunity to lead by example on the international stage, learning from and improving upon models adopted by countries like the US, Australia, and France.

Comments should be sent by 17.00 on 8 April 2025.

Experiences of victims of fraud and cyber crime
A report detailing the impacts experienced by fraud and cyber crime victims and their experience with victim care services.
