UK ‘trying to beat hackers at their own game’ as government plans to stop firms paying ransomware demands
14 January 2025, 11:33
The NHS, rail operators and water companies could soon be blocked from paying ransomware demands, under government plans.
Officials say the crime is the ‘most significant’ online threat facing the UK, having halted appointments in parts of the NHS and caused disruption to transport services in London.
A Home Office consultation is underway to consider expanding an existing ban on government departments making ransomware payments.
These payments are often demanded by cybercriminals to unlock or return files they have accessed after breaking into a computer system.
The government said it believed the block would help make national infrastructure and public sector bodies less appealing targets.
Security minister Dan Jarvis told LBC: “We want these cyber criminals who operate from Russia and elsewhere to look at the UK as a place to avoid and we think that these measures will go a long way towards that goal.
“If they understand that they’re not going to be able to extort money, that a ransom is not going to be paid, then these targets become much less attractive, and they will go elsewhere.
“Fundamentally, this is about breaking the business model, which is based on cash. If they’re not going to get money in return for it, they’re not going to seek to extort information.
“This is a world leading new mechanism which will mean that we are much better protected here in the UK than elsewhere.”
It’s thought around a billion pounds has been paid by UK firms to cyber criminals who demand ransoms.
But the National Crime Agency has warned that the true scale of the threat is unknown, with some companies too nervous to report it.
Paul Foster, head of the national cyber security centre, told LBC: “The consequences of a ransomware attack can be devastating but it’s a hugely underreported crime type.
“Our reasonable estimates are that perhaps as much as 70 percent of ransomware attacks are not reported to law enforcement.
“It can have a significant effect on operations – stopping businesses from delivering a service – there are regulatory implications in terms of data protection and of course reputation implications.”
430 cyber incidents were managed by UK authorities between September 2023 and August 2024, including 13 ransomware incidents which were deemed to be nationally significant.
Reporting to the National Crime Agency indicates the number of UK victims appearing on ransomware data leak sites has also doubled since 2022.
Paul Foster added that his team is also working to strike back when it comes to cyber criminals, through sanctions, arrest warrants and return cyber-attacks, to take down their infrastructure.
He said: “Any means that we can use to get after those individuals, we’ll take it.
“We’re arresting them, we’re taking down their infrastructure, we’re finding ways to beat them at their own game.”