Britain plans to ban public sector bodies and operators of critical national infrastructure from paying ransoms to cyber criminals. The move would affect organizations such as the National Health Service, schools, and local councils.
The government said the change is part of a broader plan to reduce the threat of ransomware attacks, which cost the UK economy millions each year.
Security minister Dan Jarvis said the UK aims to disrupt the business model of cyber criminals and protect essential services.
The government will introduce a payment prevention regime and a separate reporting regime for ransomware incidents. The reporting rules are designed to provide law enforcement with information to track and stop attackers.
Organizations not covered by the ban would still need to notify the government if they plan to pay a ransom, and would receive guidance and support.
A 2017 attack on the NHS and a 2023 ransomware incident at the British Library were among recent cases mentioned by officials.
A more recent attack on the NHS was linked to a patient’s death.
Officials said ransomware attacks pose serious risks to operations, finances, and in some cases, lives.
Retailers like Marks & Spencer and Co-op Group were also targeted in recent months.
The proposed changes aim to improve national security and increase public confidence in digital infrastructure.
