The UK’s ransomware payment ban is a strategic win

In January 2025, the UK government made a significant move towards dismantling the ransomware economy by introducing a ban on ransom payments within the public sector. This legislation, currently advancing after a public consultation, will prohibit institutions like the NHS, schools, and local councils from paying ransoms. While private companies will still be allowed to make payments, they will be required to report them and seek official guidance.

This groundbreaking decision has the potential to greatly impact the highly organized world of cybercrime. As someone with experience in military intelligence, I understand the importance of disrupting the financial flow to terrorist groups. Cutting off their funding can severely limit their operational capabilities. The same principle applies to ransomware attackers who rely on payouts to sustain their activities and expand their networks.

Ransomware groups not only extort money but also reinvest it to fund future attacks, support illicit activities, and destabilize global security. This ban is a crucial step in disrupting their operations and reducing their impact.

History has shown that jurisdictions with strict ransomware controls experience fewer attacks. The recent UK-led takedown of the LockBit group not only demonstrated technical prowess but also dealt a psychological blow to the attackers. By targeting their infrastructure, the operation shattered morale, sowed confusion, and eliminated financial incentives.

However, a ban on ransom payments cannot stand alone. It must be complemented by measures that address the infrastructure supporting cybercrime. Crypto exchanges should have reporting obligations similar to traditional banks, and platforms facilitating money laundering must face sanctions and global scrutiny.

To effectively combat ransomware, the UK government’s new policy must be supported by a comprehensive strategy. This includes investing in law enforcement operations, strengthening cybersecurity requirements for digital providers, regulating cryptocurrency markets, educating frontline staff on cybersecurity, and fostering real-time intelligence sharing between public and private sectors.

Support and resources must also be provided to entities affected by the ban to ensure they have robust backup and restoration solutions in place. By disrupting the flow of money, the UK has taken a strategic step against ransomware, and industry support is crucial in this fight.
