Skip to main content

UK Government Publishes Consultation on Proposals to Reduce the Threat of Ransomware Attacks

UK Government Publishes Consultation on Proposals to Reduce the Threat of Ransomware Attacks
Friday, January 24, 2025

On January 14, 2025, the UK government opened a consultation seeking views on three proposals aimed at reducing the threat of ransomware attacks. The government intends to introduce legislation to counter ransomware attacks focusing on three key proposals:

  • Proposal 1: A targeted ban on ransomware payments for all public sector bodies, including local government, and for owners and operators of Critical National Infrastructure, that are regulated, or that have competent authorities. Critical National Infrastructure in the UK is comprised of 13 sectors including chemicals, defense, energy, finance, food, health and water. The UK government believes that breaking the cycle of paying ransomware demands is “essential to disrupting the ransomware business model.”
  • Proposal 2: A ransomware payment prevention regime that would require any victim of ransomware (that is not subject to the prohibition of payment under Proposal 1) to engage with the authorities and report their intention to make a ransomware payment before paying threat actors. Authorities would provide guidance and support to the victim, including with respect to potential non-payment resolution options. Information provided through reports and/or further engagement could be used to further intelligence supporting operational activity and contributing to major investigations.
  • Proposal 3: A ransomware incident reporting regime for suspected victims of ransomware, which would apply irrespective of any intention to pay the ransom. Through the consultation process, the UK government is considering whether this obligation should be subject to a threshold.

The consultation closes on April 8, 2025.

Copyright © 2025, Hunton Andrews Kurth LLP. All Rights Reserved.