The U.K. government wants to require victims of ransomware to report if they were breached, with the goal of providing law enforcement with information that could help target the cybercriminals responsible.
On Tuesday, the U.K.’s interior ministry, the Home Office, published a proposal with the goal of changing the British government’s strategy to counter ransomware. Among the three key proposals is a reporting requirement, which would assist authorities in identifying and disrupting hacking operations.
“Mandatory reporting is also being developed, which would equip law enforcement with essential intelligence to hunt down perpetrators and disrupt their activities, allowing for better support for victims,” read the proposal.
In its proposal, the U.K. government said the mandatory reporting requirement would allow the authorities to “engage in targeted disruptions in an evolving threat landscape.”
The other two key proposals include a ban on paying ransomware for public sector and critical infrastructure organizations, and a mandate to notify the authorities if other types of victim organizations intend to pay a hacker’s ransom.
Ransomware investigators applauded the proposals, in particular the efforts focusing on helping law enforcement.
“I think it is a tacit acknowledgment of what we’ve known for a while: Ransomware operators and their enablers are not confined to Russia and many of those involved are very catchable and, more importantly, prosecutable,” said Allan Liska, a threat intelligence analyst and ransomware expert at cybersecurity firm Recorded Future. “I think it’s super important.”
Arda Büyükkaya, a senior cyber threat intelligence analyst at EclecticIQ, applauded the proposals for making “things official.”
“While it’s unclear whether everything will unfold exactly as written, we’ll see through early developments,” Büyükkaya told TechCrunch. “Overall, banning ransom payments and actively pursuing perpetrators is a strong deterrent and helps enforce real costs on threat actors.”
Tuesday’s announcement is the latest in a policy consultation process that began in January, in which the Home Office initially introduced the three key policy changes. The U.K. government’s formal response to the consultation is another step toward amending the law, but it remains to be seen if the proposals will end up being enshrined in legislation.
Banning ransomware payments is a controversial idea. For some, banning payments to hackers is an obvious way to stop criminal gangs profiting from cyberattacks and extorting victims. But some argue that, occasionally, paying a ransom may be the only viable option to recover critical systems and get back online, particularly for certain critical industries, such as hospitals, which cannot afford the downtime and the very real risks to patients’ health.
Earlier this year, Australia enacted a law to mandate ransomware victims to disclose if they paid the hackers, stopping short of banning payments.
Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy. You can contact Lorenzo securely on Signal at +1 917 257 1382, on Keybase/Telegram @lorenzofb, or via email at lorenzo@techcrunch.com.