UK Government Proposes Sweeping Ransomware Payment Ban

Reading Time: < 1 minute

The UK has unveiled strict new measures to prevent public sector bodies and critical national infrastructure (CNI) operators—such as energy providers, healthcare services, and local authorities—from paying ransomware demands.

The proposals, released after a public consultation, extend an existing ban on government departments.

They also introduce a mandatory reporting system: victims must notify the government within 72 hours of an attack and provide a full analysis within 28 days. Businesses not covered by the ban must still report any intent to pay.

Security Minister Dan Jarvis emphasized the government’s commitment to “disrupting the cybercriminal economy” and working with industry to bolster defenses.