UK government wants ransomware victims to report breaches so it can carry out ‘targeted disruptions’ against hackers


The U.K. government is moving to require ransomware victims to report breaches, a step aimed at giving law enforcement the intelligence it needs to conduct ‘targeted disruptions’ against cybercriminals.

On Tuesday, the U.K.’s interior ministry, the Home Office, unveiled a refined proposal as part of its evolving strategy to combat ransomware. Central to these changes is a new reporting requirement designed to empower authorities in identifying and dismantling hacking operations more effectively.

The proposal explicitly states: “Mandatory reporting is also being developed, which would equip law enforcement with essential intelligence to hunt down perpetrators and disrupt their activities, allowing for better support for victims.” This intelligence is crucial for the government to “engage in targeted disruptions in an evolving threat landscape.”

Beyond mandatory reporting, the initiative includes two other significant proposals: a ban on ransomware payments for public sector and critical infrastructure organizations, and a requirement for other victim organizations to notify the government if they intend to pay a hacker’s ransom.

Cybersecurity experts have largely welcomed these proposed measures, particularly those focused on bolstering law enforcement capabilities. Allan Liska, a threat intelligence analyst and ransomware expert at cybersecurity firm Recorded Future, commented, “I think it is a tacit acknowledgment of what we’ve known for a while: Ransomware operators and their enablers are not confined to Russia and many of those involved are very catchable and, more importantly, prosecutable. I think it’s super important.”

Arda Büyükkaya, a senior cyber threat intelligence analyst at EclecticIQ, also expressed approval, noting the proposals make “things official.” He added, “While it’s unclear whether everything will unfold exactly as written, we’ll see through future developments. Overall, banning ransom payments and actively pursuing perpetrators is a strong deterrent and helps impose real costs on threat actors.”

Tuesday’s announcement represents the latest phase in a policy consultation process that commenced in January, when the Home Office first introduced these three key policy changes. While a significant step, it remains to be seen how swiftly these proposals will be codified into legislation.

The concept of banning ransomware payments remains a subject of considerable debate. Proponents argue it’s a direct method to cut off criminal gangs’ funding and dismantle their profit model. However, critics contend that in certain critical scenarios, particularly for sectors like healthcare where downtime poses severe risks, paying a ransom might be the only viable option to restore essential systems and mitigate immediate dangers to public safety.

By comparison, Australia earlier this year enacted legislation requiring ransomware victims to disclose whether they made payments to hackers, though it stopped short of imposing a complete ban on such transactions.


© 2025 Proaitools. All rights reserved.