You’ve heard the phrase: “We don’t negotiate with terrorists.” Well, the UK government seems to have a similar approach to dealing with cybercriminals.
Today, the UK government announced new cybersecurity measures to prohibit public sectors and critical national infrastructure organizations from making ransomware payments to cybercriminals.
In ransomware attacks, cybercriminals steal data or control critical technology infrastructure and then ask for ransom payments to restore access.
A blog post published today by the UK Home Office said the new ransomware rules will affect the country’s National Health Services (NHS), local government committees and schools. The UK government said almost three-quarters of people investigated the proposal’s measures.
Mixable light speed
New cybersecurity rules are designed to protect public organizations and private businesses. According to the homeless computer, the measure will also require businesses to notify the government before making ransomware payments. This will allow the government to prevent payments from being approved in countries such as Russia.
Ransomware is an ongoing cybersecurity threat, and the recent ransomware attack against cryptocurrency exchange Coinbase has won a place in our guide to the largest data breach of the year. In the UK, cybercriminals have also attacked the NHS, most recently retail company Marks & Spencer.
In Coinbase Breach, hackers hold hostage data from nearly 70,000 Coinbase customers and demand $20 million to resume access to the compromised customer support system. Coinbase refused to pay the ransom, instead establishing a $20 million reward to hold the offender responsible for judicial charges and promised to make up for financial losses to its users.
U.S. companies face federal and state regulations requiring them to report ransomware incidents. But, according to the National Legislature Conference, North Carolina is the only state that prohibits payments to ransomware. In addition, the law applies only to state agencies and local governments.
The new UK rules could be the beginning of a new method of ransomware compensation, an international issue for governments and businesses.
