The UK government is moving forward with a ban on ransom payments in the public sector, including the NHS, schools, and local councils. This legislation prohibits these institutions from paying ransoms while requiring private companies to report and seek guidance on any payments. Cutting off the financial support for ransomware can severely limit the operational capabilities of cybercriminals. Previous cases show that where jurisdictions impose stricter ransom controls, attacks tend to decrease. Additionally, disrupting the ecosystem supporting cybercrime, including enhancing oversight of cryptocurrency exchanges, is essential for the effectiveness of this ban.
Back in January 2025 the UK government took an important step towards dismantling the ransomware economy by proposing a ban on ransom payments across the public sector. Under this legislation, which is now moving forward following a public consultation, institutions like the NHS, schools and local councils will no longer be permitted to pay out ransoms.
Ransomware actors rely on predictable payouts to sustain their attacks, grow their networks and recruit talent. The return on investment, weighed against the risk of possible imprisonment, makes it worth it.
Starve the machine and its gears grind to a halt. Jurisdictions with tighter ransom controls see fewer attacks. When payments aren't possible, threat actors pivot.
The UK-led takedown of the LockBit group wasn't just a technical win; it was psychological, carried out using their own infrastructure. It shattered morale, sowed confusion and, most importantly, ended financial reward.