The British government to move forward with a law that would bar public organizations from paying off ransomware attackers. The proposed legislation would add schools, town councils, National Health Service (NHS) hospitals and critical infrastructure managers to a ban which already applies to the national government.
The logic behind banning payments is simple. If cybercriminals know a ransomware attack against a UK school or hospital won’t get them paid, they’ll look somewhere else for a more lucrative target. Security Minister Dan Jarvis said that the government is “determined to smash the cyber criminal business model,” and added that laws in the proposed package will require even private businesses to seek guidance from the government before paying a ransom.
Since the WannaCry attack on the NHS in 2017 launched the modern era of ransomware attacks, the UK has suffered a number of serious incidents. In , attacks have hit the British Library, the BBC and the Ministry of Defence. This may explain why, according to the government’s announcement, “nearly three quarters” of public comments on the ban legislation were supportive.
Although bans on ransom payments are a popular solution to the of ransomware, there’s currently not much data on whether they work. Two US states, North Carolina and Florida, have enacted similar bans, but . Critics argue that some organizations, especially hospitals, can’t afford the long-term disruption of leaving the ransom unpaid, and . Furthermore, some hacking groups have aims other than money, and may continue ransomware attacks .
The UK is moving into uncharted territory as the first nation to pass a ransomware payment ban. We’ll be interested to see whether it helps get attacks under control. Either way, the outcome is likely to inform how other countries respond to the continuing threat of cybercrime.
Source link