Governments have routinely urged ransomware victims not to pay ransom demands, since paying only encourages the attackers to go after even more victims. Now the UK government may prohibit government and public sector entities from paying. LBC reports:
Security minister Dan Jarvis told LBC: “We want these cyber criminals who operate from Russia and elsewhere to look at the UK as a place to avoid and we think that these measures will go a long way towards that goal.
“If they understand that they’re not going to be able to extort money, that a ransom is not going to be paid, then these targets become much less attractive, and they will go elsewhere.”
But will they? Or will entities simply not admit that they have paid, and try to pay by means the government cannot detect? And what happens when critical services are disrupted and the backups have been deleted? Will entities still uphold the prohibition then?
Paul Foster, head of the national cyber security centre, told LBC:
“Our reasonable estimates are that perhaps as much as 70 percent of ransomware attacks are not reported to law enforcement.”
But is that because the victims paid, or is there some other reason for the lack of disclosure, such as fear of reputational damage or a public relations mess?
Read more at LBC. The Register provides additional details:
Announced today, the 12-week consultation will run from January 14 to April 8 and explore three proposals, the first of which is the total payment ban for the public sector and critical national infrastructure (CNI) organizations.
The overarching notion is to make the prospect of targeting these sectors undesirable for financially motivated criminals. It would also involve mandatory reporting of incidents to support law enforcement and intelligence agencies.
Secondly, “a ransomware payment prevention regime,” as the Home Office is calling it, would take the first proposal even further. This idea assumes that a public sector payment ban would be implemented, and would additionally require any organizations and businesses not covered by that ban to seek the government’s approval before paying a ransom. It would be something of a ransomware payment “license,” which may or may not be issued depending on the nature of the incident.
Read more at The Register.