News: UK to ban making ransomware payments for some organizations — targets 'public sector bodies and operators of critical national infrastructure'

At a high level, this makes sense, even if it's hard to implement.

My simplistic take is equivalent to funding the Police and forced entry + robbery investigation (prevention is regulation and such). If Companies need to start writing off "ransomware" as losses, they pay less taxes and it's really hard to prove whether they're weaseling out or not, so the Govs need to grow their "internet policing" when facing Corporations in order to actually not lose in the long run.

On the flipside... More "internet policing"... Ugh...

Regards.
Fortunately, this mainly impacts the remaining public sector entities like schools and public hospitals. Private sector businesses will probably get the "we don't recommend paying it" spiel but still have the option assuming it doesn't violate Russian sanctions. Still, one worry is that some orgs just won't report an incident (or report it as ransomware, anyways) and pay a ransom behind the scenes. I don't think this would be common, and overall, this measure does make the U.K. look like a less attractive target for ransomware gangs.

Also recall and for those that don't know that OFAC in the U.S. warned about potential penalties for U.S. companies that violate sanctions via ransomware payments (and note this was prior to Russia's invasion into the Ukraine):
https://ofac.treasury.gov/recent-actions/20201001
On the flipside... More "internet policing"... Ugh...
I mean that part of the world has been pushing that more under the guise of "security" for the past few yrs.

It's meant to be in good faith but there's ofc issues w/ it, but it's only something they'll learn properly after it happens.

Honestly if everyone refused to pay they'd eventually stop doing it as there would be no profit.
This sort of policy would be sensible only if the government can increase funds to beef up cyber security and provide an unlocking service for those affected.

Otherwise it's no better than police when your TV/bike/car/etc. gets stolen. You won't be compensated for your loss (meaning you have to pay for it out of your own pocket) and they'll never find it within a meaningful time.
 
This could end up very well, essentially detracting hackers from hacking state entities, as they wouldn't be able to pay, even if they wanted.
Or it could entice hackers to ruthlessly wipe these institutions out. Maybe when they cause enough havoc, the law will be repealed.
I give better odds to the latter, unfortunately. The authoritarians need to learn the hard way, that their power is not limitless.