New UK law would ban ransomware payments by publicly funded orgs

The British government has announced plans to introduce a new law that would prohibit public organizations, such as schools, town councils, NHS hospitals, and critical infrastructure managers, from paying off ransomware attackers. The logic behind this ban is to disrupt the cybercriminal business model by denying them a lucrative target. The UK has experienced several serious ransomware attacks in the last two years, and the government's announcement suggests that nearly three-quarters of public comments on the proposed legislation were supportive. While bans on ransom payments are a popular solution to the growing ransomware threat, their effectiveness is still unclear. Some critics argue that certain organizations, like hospitals, may be unable to afford the long-term disruption of leaving the ransom unpaid and may choose to pay in unaccountable ways. Additionally, some hacking groups may have aims beyond financial gain and may continue their attacks to sow political chaos. The UK is the first nation to propose a ransomware payment ban, and the outcome of this legislation is likely to inform how other countries respond to the ongoing threat of cybercrime.