The Home Office has announced a public consultation seeking views on three proposals aimed at blocking some of the key business models utilised by ransomware criminals.

The three proposals include a targeted ban on ransomware payments for all public sector bodies and critical national infrastructure. This would expand the existing ban on ransomware payments by government departments and make these sectors an unattractive target for ransomware crime.

There is also a proposed ransomware payment prevention regime, which would increase the National Crime Agency’s awareness of live attacks and criminal ransom demands, provide victims with advice and guidance before they decide how to respond, and enable payments to known criminal groups and sanctioned entities to be blocked.

The plans also include a mandatory reporting regime for ransomware incidents with the aim of maximising the intelligence used by UK law enforcement agencies to warn of emerging ransomware threats and target their investigations on the most prolific and damaging organised ransomware groups.

Richard Horne, CEO of the NCSC, said: “This consultation marks a vital step in our efforts to protect the UK from the crippling effects of ransomware attacks and the associated economic and societal costs.

“Organisations across the country need to strengthen their ability to continue operations in the face of the disruption caused by successful ransomware attacks. This isn’t just about having backups in place: organisations need to make sure they have tested plans to continue their operations in the extended absence of IT should an attack be successful, and have a tested plan to rebuild their systems from backups.”

The consultation will close on 8 April 2025.

---