The Great Britain Government is contemplating a complete ban on payments for redemption programs in the public sector, as reported by The Register. Starting on January 14, a 12-week consultation period has been initiated to discuss three key approaches to address this issue.
One proposed option is a total prohibition on ransom payments for state institutions and critical infrastructure facilities. This measure aims to make these targets less appealing to cybercriminals and decrease their profits.
The second approach suggests stricter control, where organizations not falling under the government’s jurisdiction must seek permission before making ransom payments. This would essentially create a “ransom license” that would only be granted in exceptional cases.
The third option is a less drastic measure, involving mandatory reporting of attacks to the authorities without implementing a payment ban. While this would provide more data for cybercrime investigations, it may not significantly impact criminal motivation.
British Security Minister Dan Jarvis emphasized that combating cybercrime is a top priority for the government to safeguard citizens and protect the national economy. In 2023, extortionists reportedly made around a billion dollars, necessitating urgent action.
The National Cybersecurity Center (NCSC) is in support of this initiative. The agency’s new Director Richard Horn stressed the importance of organizations enhancing their security measures, utilizing proven solutions, and testing recovery plans post-attacks.
International practices are also being considered, with Australia having already implemented mandatory notification rules for organizations of a certain income level regarding extortion attacks. Great Britain may adapt a similar approach by setting income threshold values for companies.
Opponents of the ban argue that such measures could lead to unforeseen consequences, with some victims potentially circumventing the ban without alerting authorities, thus complicating investigations. Critics also point out organizations’ lack of readiness to prevent attacks.
Despite these concerns, cyber incidents in the UK continue to rise. According to NCSC, the number of attacks reaching maximum threat levels tripled last year, underscoring the necessity for new strategies to combat cybercrime.