UK Plans Mandatory Ransomware Reporting, Payment Ban Public Sector

The U.K. government is advancing a comprehensive strategy to combat ransomware attacks, including mandatory reporting of cyberattacks by victims to law enforcement to better track and disrupt criminal operations. Public sector bodies and critical infrastructure operators, such as the NHS and local councils, would be banned from paying ransomware demands, aiming to undermine cybercriminals' business models. Businesses not subject to the ban would be required to notify the government if they intend to pay a ransom, allowing authorities to offer guidance and prevent illegal transactions involving sanctioned groups. The government is still clarifying the scope and enforcement details of these measures, including which organizations will be covered and how supply chains will be managed. Experts have welcomed the proposals as a stronger deterrent and a necessary step toward protecting vital services and national security. Despite these efforts, questions remain about the full effectiveness and implementation timeline of the new ransomware legislation.