GLD Vacancies

MKLS Vacancies

MKLS Vacancies

Councils, NHS and schools to be banned from making ransomware payments

The Government has announced plans to ban local councils, NHS bodies and schools from making ransomware payments in order to make them unattractive targets for criminals.

The Home Office said it plans to launch a consultation on proposals to ban all public sector organisations from paying off hackers and make it mandatory for public sector bodies to report ransomware incidents.

The move will be an expansion of the current ban on payments by Government departments and is aimed at stopping cybercrime, which is estimated to cost the UK economy billions of pounds every year.

The Home Office-led consultation will consider the following three proposals:

  • A targeted ban on ransomware payments for all public sector bodies and critical national infrastructure – "expanding the existing ban on ransomware payments by government departments, and making the essential services the country relies on the most unattractive targets for ransomware crime".
  • A ransomware payment prevention regime – "increasing the National Crime Agency's (NCA) awareness of live attacks and criminal ransom demands, providing victims with advice and guidance before they decide how to respond, and enabling payments to known criminal groups and sanctioned entities to be blocked".
  • A mandatory reporting regime for ransomware incidents – "bringing ransomware out of the shadows and maximising the intelligence used by UK law enforcement agencies to warn of emerging ransomware threats, and target their investigations on the most prolific and damaging organised ransomware groups".

Government figures suggest the number of UK victims appearing on ransomware data leak sites has doubled since 2022.

Local government has been the target of cyber-attacks on numerous occasions.

In August 2024, Bolton Council, Manchester City Council and Salford City Council all fell victim to a cyber breach which targeted council software.

Hackney Council was meanwhile reprimanded in July 2024 by the Information Commissioner's Office (ICO) following an attack in 2020 after the regulator found examples of a "lack of proper security and processes" at the London borough.

However, Hackney maintained that the ICO had "misunderstood the facts and misapplied the law with respect to the issues in question".

Commenting on the consultation, Security Minister Dan Jarvis said: "With an estimated $1 billion flowing to ransomware criminals globally in 2023, it is vital we act to protect national security as a key foundation upon which this Government's Plan for Change is built.

"These proposals help us meet the scale of the ransomware threat, hitting these criminal networks in their wallets and cutting off the key financial pipeline they rely upon to operate.

"Today marks the beginning of a vital step forward to protect the UK economy and keep businesses and jobs safe."

Adam Carey