The U.K. government issued a new proposal this week that would require victims of ransomware attacks to notify law enforcement so they could disrupt the criminals’ activities before the ransom is paid.
In a Tuesday report from the U.K. Interior Ministry, the British government laid out three proposals aimed at countering ransomware attacks in the country.
First, the proposal seeks a ban on ransomware payments for “owners and operators of regulated critical national infrastructure and the public sector.” Essentially, leaders of government offices in the U.K. would be banned from cooperating with hackers without informing law enforcement first.
The proposal also includes a mandatory reporting requirement, which would aid law enforcement in tracking and eventually disrupting hacking operations, according to the Interior Ministry.
“The proposals are a targeted and proportionate response to the most significant cyber national security threat facing the U.K.,” the proposal reads.
According to survey results included in the report, respondents were overall supportive of the ban on ransomware payments for public sector organisations and the reporting requirements. However, respondents felt that the government’s proposal to create a ransomware payment prevention regime would create significant loopholes for businesses and leave some smaller organizations vulnerable.
Indeed, while some see a ban on ransomware payments as an easy way to disincentivize hackers from ransoming valuable data, some could see paying the ransom as a quick way to get back their information without relying on government actions.
Some countries have adopted harsh ransomware payment laws without outright banning the practice. Australia last year adopted a law that requires victims to inform the government if they paid a ransom.
North Carolina and Florida also have state-level bans on ransomware payments, which prevent government actors from negotiating with hackers.
• Vaughn Cockayne can be reached at vcockayne@washingtontimes.com.