The UK is set to outlaw ransomware payments by public sector bodies and operators of critical national infrastructure, under new proposals unveiled by the Home Office on Tuesday.
The move, aimed at undermining the profitability of cybercrime, would extend an existing ban on government departments paying ransoms to cover entities such as the health service, local councils, and energy providers. Ransomware attacks typically involve malicious software that encrypts systems and demands payment, often in cryptocurrency, to restore access.
Under the proposals, organisations and businesses outside the ban would also face stricter reporting rules. Victims intending to pay ransoms would be required to notify authorities under a new prevention regime. Additionally, a mandatory threshold-based reporting system is being considered, which would compel victims to file an initial report with key details within 72 hours of an attack and a comprehensive analysis within 28 days.
Security Minister Dan Jarvis said the government is “determined to smash the cyber criminal business model and protect the services we all rely on,” adding that the measures will be advanced in partnership with industry stakeholders.
Ransomware preys on businesses and disrupts vital public services like schools and hospitals. We must protect our economy against the criminals who hold organisations to ransom.
I’ve announced our plan to target these criminal networks and smash the ransomware operating model. https://t.co/P2ThripqrX
— Dan Jarvis MP (@DanJarvisMBE) July 22, 2025
The proposals follow a public consultation conducted from January 14 to April 8, which garnered 273 responses. Nearly 75% of respondents supported a targeted ban on ransomware payments, though views were mixed on the broader prevention regime. Almost half backed an economy-wide ban, while 63% favoured implementing the threshold-based reporting system over the current voluntary framework.
However, the prospect of penalties for non-compliance sparked debate. While respondents generally agreed that penalties should apply across all measures, concerns were raised about criminalising victims, with questions remaining over whether sanctions should be criminal or civil in nature.
The move comes as ransomware attacks have seen a notable decline. Blockchain analytics firm Chainalysis reported a 35% drop in incidents last year compared to 2023. In contrast, a June report by CertiK highlighted that the bulk of crypto-related losses this year stemmed from wallet compromises and phishing attacks rather than ransomware.
The Home Office says the proposals are part of wider efforts to strengthen national cyber resilience amid evolving digital threats.