Expert comment on the UK Government’s Ransomware Ban Plans

With the UK government set to extend the ransomware payment ban, there’s growing pressure on government organisations to implement strategies and technology to upgrade their lagging IT infrastructure.   

Banning the payment of ransoms for organisations, such as NHS trusts, schools and councils, sends a clear and much needed signal to hackers – but it may have the unintended consequence of putting massive pressure on these government organisations to implement strategies and technology to upgrade their lagging IT infrastructure and ensure high standards of data classification, management, protection and recovery. 

 While the lack of a pay day should put bad actors off targeting government organisations, many ransomware attacks are indiscriminate and rely on chance to find an open vulnerability to attack. Given that ransomware will inevitably find its way to government-aligned organisations, such as the NHS, taking payment off the table leaves them only two options: ensure that they are 100% resilient or put patients at critical risk. 

 The technology exists to protect these government organisations, but many NHS trusts and councils are still using older IT infrastructures that are typically more vulnerable to attack. This new no-pay mandate will need to come with a strong wraparound package of guidance and financial support to ensure that government organisations have expertise and tools to simply achieve true resilience.