The Home Office consulted on introducing legislation to counter ransomware and meet three main objectives:

to reduce the amount of money flowing to ransomware criminals from the UK, with the aim of deterring criminals from attacking UK organisations;

to increase the ability of operational agencies to disrupt and investigate ransomware actors by increasing the government’s intelligence around the ransomware payment landscape; and

to enhance the government’s understanding of the threats in this area to inform future interventions, including through cooperation at international level.

The proposals fell under three main headings:

A targeted ban on ransomware payments for owners and operators of regulated critical national infrastructure and the public sector;

A ransomware payment prevention regime; and

A mandatory incident reporting regime.

It has now issued its response to that consultation. It says that overall, the consultation responses demonstrated strong support for the implementation of a new mandatory reporting system. The government will continue to develop this proposal. Further work will be conducted to determine the scope and whether any requirements should be based on a threshold, as well as appropriate and proportionate penalties for non-compliance.

Around half of respondents thought civil penalties would be appropriate for non-compliance (compared to 28% for criminal penalties), but it was acknowledged by respondents that this should be tailored for different organisations and individuals. The government will consider appropriate and proportionate penalties.

Three-quarters of respondents thought that 72 hours was a reasonable timeframe for a suspected ransomware victim to make an initial report of the incident. Therefore, the government will keep 72 hours as the suggested reporting timeframe.

Respondents also had strong feelings about several additional support measures that should be made available to victims, including guidance documents, NCSC/law enforcement support, threat intelligence support on ransomware criminals/trends and operational updates from law enforcement. The government will continue to work with partners to consider appropriate and proportionate victim support.