\n<\/p>\n
The U.K. government wants to require victims of ransomware to report if they were breached with the goal of providing law enforcement with information that could help target the cybercriminals responsible.\u00a0<\/p>\n
On Tuesday, the U.K.\u2019s interior ministry, the Home Office, published a proposal<\/a> with the aim of changing the British government\u2019s strategy to counter ransomware. Among the three key proposals is a reporting requirement, which would aid authorities in identifying and disrupting hacking operations.<\/p>\n \u201cMandatory reporting is also being developed, which would equip law enforcement with essential intelligence to hunt down perpetrators and disrupt their activities, allowing for better support for victims,\u201d read the proposal.\u00a0<\/p>\n In its proposal<\/a>, the U.K. government said the mandatory reporting requirement would allow the government to \u201cengage in targeted disruptions in an evolving threat landscape.\u201d<\/p>\n The other two key proposals include a ban on paying ransomware for public sector and critical infrastructure organizations, and a mandate to notify the government if other types of victim organizations intend to pay a hacker\u2019s ransom.<\/p>\n Ransomware investigators applauded the proposals, in particular the efforts focusing on helping law enforcement.<\/p>\n \u201cI think it is a tacit acknowledgment of what we\u2019ve known for a while: Ransomware operators and their enablers are not confined to Russia and many of those involved are very catchable and, more importantly, prosecutable,\u201d Allan Liska, a threat intelligence analyst and ransomware expert at cybersecurity firm Recorded Future. \u201cI think it\u2019s super important.\u201d<\/p>\n Techcrunch event<\/p>\n \n\t\t\t\t\t\t\t\t\tSan Francisco<\/span> Arda B\u00fcy\u00fckkaya, a senior cyber threat intelligence analyst at EclecticIQ, applauded the proposals for making \u201cthings official.\u201d<\/p>\n \u201cWhile it\u2019s unclear whether everything will unfold exactly as written, we\u2019ll see through future developments,\u201d B\u00fcy\u00fckkaya told TechCrunch. \u201cOverall, banning ransom payments and actively pursuing perpetrators is a strong deterrent and helps impose real costs on threat actors.\u201d<\/p>\n Tuesday\u2019s announcement is the latest in a policy consultation process that began in January<\/a>, in which the Home Office initially introduced<\/a> the three key policy changes. The U.K. government\u2019s formal response to the consultation is another step toward amending the law, but it remains to be seen if the proposals will end up being enshrined in legislation.<\/p>\n Banning ransomware payments is a controversial idea<\/a>. For some, banning payments to hackers is an obvious way to stop criminal gangs profiting from cyberattacks and extorting victims. But some argue that, occasionally, paying a ransom may be the only viable option to recover critical systems and get back online, especially for certain critical industries, such as hospitals, which cannot afford the downtime and the very real risks to patients\u2019 health.\u00a0<\/p>\n Earlier this year, Australia enacted a law<\/a> to mandate ransomware victims to disclose if they paid the hackers, stopping short of banning payments.<\/p>\n<\/div>\n
\n\t\t\t\t\t\t\t\t\t\t\t\t\t|<\/span>
\n\t\t\t\t\t\t\t\t\t\t\t\t\tOctober 27-29, 2025<\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n