UK Government Seeks to Combat Ransomware as Millions in Taxpayer Funds Lost to Cybercriminals
Security Minister Dan Jarvis highlights the extensive problem of ransomware payments as new measures are proposed to enhance public sector cyber defense.
The UK government has acknowledged that millions of pounds in taxpayer money have ended up in the hands of cybercriminals over the past few years.
Security Minister Dan Jarvis has outlined the gravity of the situation and proposed new measures to combat ransomware attacks, which have extensively affected public sector organizations such as the NHS.
Dan Jarvis expressed concern over hostile actors potentially extorting thousands from public institutions without the government's knowledge, due to the absence of a mandatory reporting framework.
On Tuesday, the Home Office launched a consultation focused on tackling ransomware, contemplating a ban on public sector bodies from making any ransom payments.
Illustrating the urgent need for reform, Jarvis noted that cybercriminals, often based in nations like Russia, have engaged in tactics effectively holding the UK "to ransom." He revealed in an interview that "significant" sums have been paid, highlighting the severe and international nature of the problem, yet admitting that the lack of mandatory reporting leaves the precise extent of the issue unclear: "The truth of the matter is we don’t know the precise figures because there isn’t a mandatory reporting regime."
In efforts to enhance transparency and increase the National Crime Agency's capacity to respond, the Home Office is considering a mandatory reporting system alongside a payment prevention scheme.
These measures are designed to heighten awareness of current attacks and deter payments to criminal and sanctioned entities.
Downing Street has not provided specific details about past ransomware payments, but it emphasized the necessity of new regulations to address the vulnerabilities identified in the current cyber defense framework.
A spokesman for the Prime Minister acknowledged a 'gap in our armoury' against ransomware threats and argued for the importance of the newly proposed legal changes to shine a light on these covert transactions and bolster intelligence capabilities for law enforcement.
The National Cyber Security Centre (NCSC), which considers ransomware a significant threat to the UK’s cybersecurity, has supported the consultation.
Richard Horne, the NCSC's chief executive, emphasized the importance of organizational resilience against cyber threats, urging entities of all sizes to build and maintain sophisticated cyber defenses and have operational plans that can withstand potential IT disruptions.
The proposed measures aim to fortify national infrastructure and public sector organizations, including the NHS, local councils, and schools, against cybercriminal exploitation.
Recent reports have indicated attacks targeting key London Hospital suppliers and the Royal Mail, underscoring the urgency for a comprehensive cyber strategy.
The consultation represents a proactive step toward securing government-controlled resources and critical public services, seeking to outpace the evolving strategies of cyber adversaries and to safeguard governmental and civilian data integrity in an increasingly digital landscape.
Security Minister Dan Jarvis has outlined the gravity of the situation and proposed new measures to combat ransomware attacks, which have extensively affected public sector organizations such as the NHS.
Dan Jarvis expressed concern over hostile actors potentially extorting thousands from public institutions without the government's knowledge, due to the absence of a mandatory reporting framework.
On Tuesday, the Home Office launched a consultation focused on tackling ransomware, contemplating a ban on public sector bodies from making any ransom payments.
Illustrating the urgent need for reform, Jarvis noted that cybercriminals, often based in nations like Russia, have engaged in tactics effectively holding the UK "to ransom." He revealed in an interview that "significant" sums have been paid, highlighting the severe and international nature of the problem, yet admitting that the lack of mandatory reporting leaves the precise extent of the issue unclear: "The truth of the matter is we don’t know the precise figures because there isn’t a mandatory reporting regime."
In efforts to enhance transparency and increase the National Crime Agency's capacity to respond, the Home Office is considering a mandatory reporting system alongside a payment prevention scheme.
These measures are designed to heighten awareness of current attacks and deter payments to criminal and sanctioned entities.
Downing Street has not provided specific details about past ransomware payments, but it emphasized the necessity of new regulations to address the vulnerabilities identified in the current cyber defense framework.
A spokesman for the Prime Minister acknowledged a 'gap in our armoury' against ransomware threats and argued for the importance of the newly proposed legal changes to shine a light on these covert transactions and bolster intelligence capabilities for law enforcement.
The National Cyber Security Centre (NCSC), which considers ransomware a significant threat to the UK’s cybersecurity, has supported the consultation.
Richard Horne, the NCSC's chief executive, emphasized the importance of organizational resilience against cyber threats, urging entities of all sizes to build and maintain sophisticated cyber defenses and have operational plans that can withstand potential IT disruptions.
The proposed measures aim to fortify national infrastructure and public sector organizations, including the NHS, local councils, and schools, against cybercriminal exploitation.
Recent reports have indicated attacks targeting key London Hospital suppliers and the Royal Mail, underscoring the urgency for a comprehensive cyber strategy.
The consultation represents a proactive step toward securing government-controlled resources and critical public services, seeking to outpace the evolving strategies of cyber adversaries and to safeguard governmental and civilian data integrity in an increasingly digital landscape.
