The U.K. government encourages ransomware victims to report breaches to help law enforcement find crooks.
The Home Office proposed modifying the British government’s ransomware approach on Tuesday. One of the three main recommendations is a reporting requirement to help authorities find and stop hackers.
“Mandatory reporting is also being developed, which would equip law enforcement with essential intelligence to hunt down perpetrators and disrupt their activities, allowing for better victim support,” the proposal stated.
The U.K. government proposed mandatory reporting to “engage in targeted disruptions in an evolving threat landscape.”
Other central ideas include a ban on public sector and critical infrastructure organizations paying ransomware and a requirement to notify the government if other victim organizations intend to do so.
Ransomware investigators praised the recommendations, especially those supporting law enforcement.
“I think it is a tacit acknowledgment of what we’ve known for a while: Ransomware operators and their enablers are not confined to Russia and many of those involved are very catchable and, more importantly, prosecutable,” said Recorded Future threat intelligence analyst and ransomware expert Allan Liska. I consider it crucial.”
Senior cyber threat intelligence analyst Arda Büyükkaya of EclecticIQ praised the suggestions for making “things official.”
“While it’s unclear whether everything will unfold exactly as written, we’ll see through future developments,” Büyükkaya told TechCrunch. “Overall, banning ransom payments and actively pursuing perpetrators deters and costs threat actors.”
On Tuesday, the Home Office announced the three significant policy changes after a policy consultation process that began in January.
The U.K. government’s formal response to the survey is another step toward altering the law, but it’s unclear if the recommendations will be enacted.
Ruling out ransomware payments is controversial. Some think outlawing hacker payments is a simple method to deter criminal groups from benefiting from cyberattacks and extorting victims.
However, ransom may be the only way to recover crucial systems and get back online, especially for hospitals, which cannot afford the downtime and health hazards.
Australia passed a rule last year requiring ransomware victims to report if they paid hackers, but not outlawing them.
