In a bid to weaken cybercriminals, the UK government is finalizing a ban on ransomware payments for public sector entities and critical infrastructure—including energy, healthcare, and local governments.
The policy, shaped by a recent consultation, builds on an existing ban for government departments. It also imposes new reporting rules: victims must submit an initial alert within 72 hours and a full review within 28 days. Private firms must declare any ransom payments.
Security Minister Dan Jarvis framed the move as part of a broader strategy to “protect essential services” by dismantling ransomware economics.
