Legislative proposals to counter ransomware

Statement made on 14 January 2025

Statement UIN HCWS365

Statement

Today the Government is launching a public consultation on proposed legislative measures to combat the threat of ransomware. We want to protect UK businesses from the most harmful cyber crime facing the UK and facilitate growth.

These measures will hit ransomware criminals in their wallets, cutting off their funding; and improve reporting of these cyber incidents, to shine a light on this criminal world and provide law enforcement with the information they need to pursue criminals.

The National Crime Agency assess ransomware as the greatest serious and organised cyber crime threat, the largest cyber security threat, and a risk to the UK’s national security. Ransomware incidents are continuing an upward trend.

In 2023, incidents of ransomware attacks reported to the Information Commissioner's Office reached their highest level since 2019 and private sector reporting to the National Crime Agency indicates the number of UK victims appearing on ransomware data leak sites has doubled since 2022. This is reflected globally, with 2023 resulting in the highest financial yield for ransomware criminals so far, with an industry estimate of over $1bn.

Ransomware criminals ruin lives, wreck businesses and damage the UK economy. The impacts of ransomware - financial, reputational, psychological, and social - can be wide ranging, as seen in recent incidents, such as those affecting Synnovis (the supplier of services to the NHS across London), the British Library, Capita, and Royal Mail.

It is this significant risk of harm that warrants focused and specific intervention to reduce the impact of ransomware across the UK.

We are seeking to build on existing resilience and disruption strategies, including sanctions, where the UK has already sanctioned 36 ransomware criminals, and our work with the international Counter Ransomware Initiative, where the UK led a commitment from 48 countries and two international organisations that their governments would not pay ransoms.

The Home Office has developed three world-leading tailored legislative proposals for consultation - they reflect the seriousness of the threat and the need for transformative action. The measures will be consistent and align with the proposals in the forthcoming Cyber Security and Resilience Bill.

The three measures are:

  1. A targeted ban on ransomware payments for the public sector and critical national infrastructure – making the essential services the country relies on the most unattractive targets for ransomware criminals.
  2. Ransomware payment prevention regime – to increase transparency of criminal demands, and provide victims not covered by the ban with advice and guidance before they decide how to respond.
  3. Mandatory reporting regime for all ransomware incidents – bringing ransomware out of the shadows and maximising information for law enforcement on criminal activity.

The targeted ban will protect the systems that the UK relies on every day for our most critical and essential services. We are making a strong statement to these criminals that there is no financial gain in disrupting the core of our economy.

The consultation explores whether the payment prevention regime should be economy wide or operate via a threshold, with the potential exclusion of individuals and/or small businesses. Such a regime would provide the Government with the ability to block payments and allow law enforcement greater oversight of ransomware, supporting disruptive operations such as the recent success of Operation CRONOS, the NCA-led global collaboration to disrupt Lockbit, one of the most prolific ransomware groups in the world.

For those ransomware incidents that do not result in a payment, we are proposing to introduce a mandatory ransomware incident reporting regime. This could include a threshold-based mandatory reporting requirement for suspected victims of ransomware, with the potential exclusion of individuals and/or small businesses. Our aim is to build the Government and law enforcement’s understanding of the threat landscape and allow us to provide greater levels of support and guidance to victims.

The consultation seeks public input on key issues, including: the extent to which supply chains should be captured in the targeted ban; what support the Government can provide to victims, such as improved guidance; the appropriateness of paying ransoms in any circumstances; and the extent to which information should be shared with authorities. These world-leading measures reflect the new Government's commitment to tackling ransomware and making the UK a less attractive target for such attacks globally.

The consultation will run for 12 weeks, and the Government will publish its response in due course. Copies of the consultation document and the related options assessment will be placed in the Libraries of both Houses and made available on Gov.uk.

Statement from

Home Office

Linked statements

This statement has also been made in the House of Lords

Home Office
Legislative proposals to counter ransomware
Lord Hanson of Flint
The Minister of State, Home Office
Labour, Life peer
Statement made 14 January 2025
HLWS362
Lords