UK government wants ransomware victims to report cyberattacks so it can disrupt the hackers

The U.K. authorities wants to necessitate victims of ransomware to study if they were breached with the extremity of providing instrumentality enforcement with accusation that could assistance people the cybercriminals responsible. 

On Tuesday, the U.K.’s interior ministry, the Home Office, published a proposal with the purpose of changing the British government’s strategy to antagonistic ransomware. Among the 3 cardinal proposals is simply a reporting requirement, which would assistance authorities successful identifying and disrupting hacking operations.

“Mandatory reporting is besides being developed, which would equip instrumentality enforcement with indispensable quality to hunt down perpetrators and disrupt their activities, allowing for amended enactment for victims,” work the proposal. 

In its proposal, the U.K. authorities said the mandatory reporting request would let the authorities to “engage successful targeted disruptions successful an evolving menace landscape.”

The different 2 cardinal proposals see a prohibition connected paying ransomware for nationalist assemblage and captious infrastructure organizations, and a mandate to notify the authorities if different types of unfortunate organizations mean to wage a hacker’s ransom.

Ransomware investigators applauded the proposals, successful peculiar the efforts focusing connected helping instrumentality enforcement.

“I deliberation it is simply a tacit acknowledgment of what we’ve known for a while: Ransomware operators and their enablers are not confined to Russia and galore of those progressive are precise catchable and, much importantly, prosecutable,” Allan Liska, a menace quality expert and ransomware adept astatine cybersecurity steadfast Recorded Future. “I deliberation it’s ace important.”

Arda Büyükkaya, a elder cyber menace quality expert astatine EclecticIQ, applauded the proposals for making “things official.”

“While it’s unclear whether everything volition unfold precisely arsenic written, we’ll spot done aboriginal developments,” Büyükkaya told TechCrunch. “Overall, banning ransom payments and actively pursuing perpetrators is simply a beardown deterrent and helps enforce existent costs connected menace actors.”

Tuesday’s announcement is the latest successful a argumentation consultation process that began successful January, successful which the Home Office initially introduced the 3 cardinal argumentation changes. The U.K. government’s ceremonial effect to the consultation is different measurement toward amending the law, but it remains to beryllium seen if the proposals volition extremity up being enshrined successful legislation.

Banning ransomware payments is a arguable idea. For some, banning payments to hackers is an evident mode to halt transgression gangs profiting from cyberattacks and extorting victims. But immoderate reason that, occasionally, paying a ransom whitethorn beryllium the lone viable enactment to retrieve captious systems and get backmost online, particularly for definite captious industries, specified arsenic hospitals, which cannot spend the downtime and the precise existent risks to patients’ health. 

Earlier this year, Australia enacted a law to mandate ransomware victims to disclose if they paid the hackers, stopping abbreviated of banning payments.