Ransomware payments could soon be a thing of the past in the UK – at least that’s the hope of new controls and mandatory reporting requirements to prevent ransomware from inflicting damage on UK businesses.
Under government proposals, public bodies and operators of critical national infrastructure would be banned from paying up when they’re hit by ransomware – and other businesses would have to be transparent when they decide to cough up the cash.
But can we really put a lid on ransomware? And might the new rules have unintended negative consequences?
In this episode, Jane and Rory discuss the UK government’s new ransomware payment ban and what it could mean for the sector.
Highlights
"You can see why ransomware is is such a lucrative operation for these threat groups, because for some businesses, there's very little argument. You know, 'okay, we plan for this, here's the cash, can we have our data back?.' It's a pretty seamless operation."
"There's been a mixed response from the cybersecurity industry. So some have praised it as a bit of a no brainer, others have warned that it really doesn't do very much to defend businesses, as we've been discussing. Jonathan Wright, who is a partner in the UK Data privacy and cybersecurity practice at Hunton, Andrews Kurth LLP law firm, said that the ban risks punishing the victims."
"We are always covering cases of ransomware causing serious damage to businesses and we recently, in fact, published a piece that said that cyber attacks cost UK businesses alone £64 billion a year. That's including ransom payments, but also staff overtime, lost business and all the other associated costs. So it's clear that it has a major impact on the economy."
Footnotes
- Nearly half of MSPs admit to having a ransomware kitty
- A ransomware payments ban risks criminalizing victims
- The end of ransomware payments: How businesses fit into the fight
- Building ransomware resilience to avoid paying out
- UK government officials consider banning ransomware payments
Subscribe
- Subscribe to The IT Pro Podcast on Apple Podcasts
- Subscribe to The IT Pro Podcast on Spotify
- Subscribe to the IT Pro newsletter
- Join us on LinkedIn
-
Let’s talk about digital sovereigntyIn the age of AI and cloud, where data resides is a key consideration
-
Lack of visibility creates "cascade" of security risk, says KiteworksNews Organizations that don't keep track of data breaches, shadow AI, and third-party counts face dramatically worse outcomes across every metric
-
Let’s talk about digital sovereignty
In the age of AI and cloud, where data resides is a key consideration
-
Can cyber group takedowns last?ITPro Podcast Threat groups can recover from website takeovers or rebrand for new activity – but each successful sting provides researchers with valuable data
-
July rundown: Salt Typhoon and SharePoint scaresITPro Podcast US public sector organizations are under serious threat from the state-backed hacking group
-
We need to talk about operational technologyITPro Podcast Groups like Volt Typhoon are abusing poor hygiene in critical infrastructure to pre-position for attacks
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
April rundown: MITRE frights and Microsoft launches Recall (again)ITPro Podcast As CISA delivered an eleventh-hour reprieve for the CVE database, AWS reportedly began to pause some data center leases
-
The new era of cyber threatsITPro Podcast With AI-powered attacks and state-backed groups, security teams face face a new wave of sophisticated threats
-
Supply chain scares and Google’s AI codeITPro Podcast As the ransomware attack on Blue Yonder disrupts a wide range of firms, Google moves to lead by example on internal AI code
