ChannelLife UK - Industry insider news for technology resellers

UK set to ban ransomware payments in public sector crackdown

Wed, 23rd Jul 2025

The United Kingdom government has unveiled a significant set of proposals aimed at curbing the growing menace of ransomware attacks. Under the new plans, public sector bodies and organisations managing critical national infrastructure would face a ban on making ransom payments to cyber criminals. In parallel, private businesses would be legally required to notify authorities if they intend to pay a ransom to such attackers. The move marks a notably robust response from the government in tackling ransomware, a form of cybercrime that has proliferated in recent years, targeting healthcare providers, local authorities, schools, and private companies alike.

The Home Office's plan to intensify the fight against ransomware emerges in the wake of high-profile cyber-attacks, including a major incident earlier this year involving Marks & Spencer. The retailer declined to disclose whether it had paid cyber criminals a ransom, a stance that highlighted the sensitive and often undisclosed nature of ransomware negotiations. The proposals aim not only to choke off funds for organised criminal groups but also to gather vital intelligence to inform future policy and law enforcement actions.

Mark Jones, a partner with expertise in dispute resolution at Payne Hicks Beach, noted the implications of the government's strategy for both public and private sector entities. "Public sector bodies are to be banned from paying ransom demands following cyber-attacks. By banning the payment of ransoms, the government hopes that it will cut off the funding relied upon by the cyber criminals," he explained. For businesses outside the ban's scope, Jones pointed to the introduction of mandatory reporting requirements. "Mandatory reporting is also proposed so as to build up the body of intelligence in this area. This raises both financial and reputational concerns for organisations. It is also unusual for victims of a crime to be required by law to report that they have been a victim."

However, Jones also sounded notes of caution, observing that outright bans may unintentionally penalise victims. He referenced Italy, where similar laws have been in place: "A survey in Italy, where paying extortionists is illegal under existing laws, 43% of organisations still admit to paying ransomware payments." The comment highlights the practical challenges of enforcement and the continuing risks faced by organisations, even when they comply with legal obligations.

The complex international nature of cybercrime also presents obstacles. "A key difficulty remains with holding the cyber criminals to account. Tracking down the cyber criminals is both time consuming and expensive and law enforcement is already over-stretched," Jones added, noting that many perpetrators operate from jurisdictions with limited cooperation agreements and where political tensions may hamper investigation and prosecution efforts.

Magnus Jelen, Lead Director of Incident Response UK & EMEA at Coveware by Veeam, underlined the significance of the UK's approach. He remarked that the nation may serve as a "guinea pig" for such policies, raising questions as to whether the UK will stand alone or be joined by other countries enacting similar bans. The global stage, he indicated, will watch with interest to assess the results and implications of the UK's initiative.

Scott Walker, CSIRT Manager at Orange Cyberdefense, endorsed the government's measures as a timely and necessary intervention. "These new measures from the UK government are, without a doubt, the correct move. They are exactly what the industry has been waiting for … a new ransomware payment prevention scheme, and an enhanced ransomware instant reporting regime," Walker stated. He also debunked the misconception that ransomware groups behave like conventional businesses. "In reality, most attackers have an aggressive disdain for victims and see them as merely collateral in their pursuit of a payday, providing little or no support once paid." Walker stressed the importance of removing financial incentives: "Remove the motive, and you remove the incentive. The UK is among the first countries to push ahead with banning ransomware payments, and I expect much of Europe – and ultimately, the rest of the world – will follow suit."

The government's new proposals are now poised to prompt further industry, public and political debate. As cyber threats continue to evolve, the coming months will reveal whether the UK's tough stance can inspire similar action internationally and, ultimately, reduce the reach and profitability of ransomware for cybercriminals.