The UK government plans to ban public sector and critical infrastructure organizations from paying ransomware ransoms. The proposed legislation would apply to local councils, schools, and the NHS.
“Ransomware is estimated to cost the UK economy millions of pounds each year, with recent high-profile ransomware attacks highlighting the severe operational, financial, and even life-threatening risks. The ban would target the business model that fuels cyber criminals’ activities and makes the vital services the public rely on a less attractive target for ransomware groups,” the UK government said.
“We’re determined to smash the cyber criminal business model and protect the services we all rely on as we deliver our Plan for Change. By working in partnership with industry to advance these measures, we are sending a clear signal that the UK is united in the fight against ransomware,” Security Minister Dan Jarvis added.
Businesses not covered by the proposed ban must inform the government before making a ransom payment to ensure it doesn’t violate laws on transfers to sanctioned cybercriminal groups, many of which are based in Russia.
A mandatory reporting system is being developed to help law enforcement track attackers and support victims.
The UK government announced the plan after a public consultation in January. It includes a ban on ransomware payments for public sector bodies and critical infrastructure, along with mandatory reporting of ransomware incidents.
Ransomware is seen as the biggest cybercrime threat in the UK and is regarded as a national security risk by the NCSC and the NCA.
In recent years, multiple high-profile UK organizations have been hit by ransomware attacks, including the NHS and the British Library.
Co-op CEO Shirine Khoury-Haq said:
“We know first-hand the damage and disruption cyber-attacks cause to businesses and communities. That’s why we welcome the government’s focus on Cyber Crime.
What matters most is learning, building resilience, and supporting each other to prevent future harm. This is a step in the right direction for building a safer digital future.
These robust proposals are part of the government’s Plan for Change to defend businesses, services, and infrastructure against cyber threats to better protect the public.”