Westminster, UK

Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments

Officials in Britain are set to propose a major overhaul of how the country responds to ransomware attacks by requiring all victims to report incidents to the government, and then obliging those victims to seek a license before making any extortion payments.

The proposals will be included in a public consultation to be published next month, according to multiple sources with knowledge of the matter who spoke to Recorded Future News.

Also being put forward is a complete ban on ransom payments for organizations involved with critical national infrastructure. The ban intends to remove the incentive for hackers to disrupt these critical services by preventing them from monetizing attacks.

British officials believe the mandatory reporting requirement would help illuminate the true scale of the problem, which is a known unknown for policy officials. Last year the National Cyber Security Centre and the Information Commissioner’s Office warned that they were “increasingly concerned” ransomware victims were keeping incidents secret.

But the new obligation on victims to report ransomware attacks could depend on the successful replacement of Action Fraud, the country’s official fraud and cybercrime reporting platform. Earlier this year officials from the City of London Police admitted that the replacement service, which is being built by outsourcer Capita, was delayed.

It is not yet clear how the licensing regime would work. While the move is expected to complement the mandatory reporting requirement and potentially help some victims realize they had an alternative to making an extortion payment, there are concerns that in some cases the application process could delay recovery and potentially increase the harm and disruption caused by a ransomware attack.

Public consultation

The proposals are expected to develop further before becoming a reality and are likely to need the government to pass new laws. Public consultations are a feature of the British legislative process, taking place when policy ideas are in their earliest stages so that everyone impacted by the proposals has an opportunity to make representations to the government.

Once a consultation is finally completed, the government normally takes up to 12 weeks before publishing its response and then setting out its plans to amend or introduce new legislation addressing the issue.

It is unlikely the government will be able to introduce any new bills to Parliament before the next general election, expected later this year. The opposition Labour Party, which is currently 20 points ahead in the polls, has not set out its policy position on ransomware or any cybersecurity issues.

Even if the proposals are not immediately implemented, they mark a dramatic development in how governments around the world are responding to the ransomware crisis. The United Kingdom is the co-lead for such policy developments in the Counter Ransomware Initiative, the international multilateral forum on the issue, and the move could be followed by the other 48 participating countries.

A government spokesperson told Recorded Future News that tackling ransomware attacks was “a key priority” and that the United Kingdom stood “well prepared to respond” to the issue.

The government’s response to the ransomware crisis has previously been criticized. A parliamentary report last year warned there was a “high risk” that Britain faced a “catastrophic ransomware attack at any moment” due to what it said was the Home Office’s inability to get a grip on the problem.

Due to the current lack of a mandatory reporting requirement, there is no objective count of how commonplace ransomware attacks truly are. However, data published by the Information Commissioner’s Office has revealed that in 2023 organizations in Britain reported more data breaches due to ransomware attacks than ever before.

Officials in Westminster have been urged to put more money behind operations to disrupt ransomware gangs in the wake of the growing numbers of attacks. The government spokesperson said the policy includes “pursuing malicious cyber criminals, as shown by the recent disruption of LockBit, once considered the world’s most harmful ransomware group.”

“The UK is also strengthening the global response to ransomware, securing an unprecedented international agreement to denounce payments,” the spokesperson said. “We will continue to work with our international partners, law enforcement agencies and industry on this vital issue.”

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Alexander Martin

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.