The UK government has proposed a groundbreaking measure to combat the rising tide of ransomware attacks. A new consultation, launched on January 14, explores banning ransomware payments for operators of critical national infrastructure, including energy providers, healthcare services, and local councils. This expands an existing restriction on government departments.

UK Security Minister Dan Jarvis emphasized the move’s goal: safeguarding national security by depriving cybercriminals of ransom payments, many of which involve cryptocurrency. “These proposals hit criminal networks where it hurts—cutting off their financial lifeline,” Jarvis stated.

The plan includes additional steps to deter ransomware attackers. A ransomware payment prevention regime will offer guidance to victims while blocking payments to sanctioned entities. The government also proposes a mandatory reporting system to help law enforcement target repeat offenders.

This follows a global trend of similar considerations. In 2023, Australia and the United States debated banning ransomware payments after high-profile cyberattacks. The UK’s urgency stems from alarming incidents, such as the January 2023 attack on Royal Mail, which halted international shipping, and an August 2022 breach of health-service software provider Advanced, exposing the personal data of 83,000 people.

The National Cyber Security Centre (NCSC) recorded 430 cyber incidents in the past year, 13 of which posed severe risks to essential services. Its latest report identified ransomware as the most disruptive cyber threat, with attacks delaying medical procedures and disrupting key services like the British Library.

The consultation runs until April 8, signaling the UK’s intent to strengthen its cyber defenses and make critical infrastructure less appealing to attackers.

This decisive step highlights the UK’s commitment to curbing the growing ransomware menace.