UK Government Proposes Mandatory Ransomware Reporting to Disrupt Threat Actors

In a bold move to combat cybercrime, the UK government has unveiled a new proposal that would require ransomware victims to report cyberattacks. This initiative aims to provide law enforcement with critical intelligence to identify, track, and disrupt malicious hacking groups.

The proposal, released by the Home Office, outlines a revamped national strategy to counter the growing threat of ransomware. Central to this strategy is the introduction of mandatory ransomware incident reporting, ensuring that authorities receive timely data to launch targeted operations against cybercriminals.

“Mandatory reporting is also being developed, which would equip law enforcement with essential intelligence to hunt down perpetrators and disrupt their activities,” the official proposal states.

By requiring victims to come forward, the government seeks to enhance its ability to act proactively in a rapidly evolving threat landscape, where sophisticated ransomware actors often operate across borders and time zones.

Three Pillars of the Proposal

The UK government’s proposal is built around three core policy changes:

  1. Mandatory ransomware incident reporting to law enforcement.
  2. A ban on ransom payments by public sector bodies and critical infrastructure organizations.
  3. A notification requirement for other organizations that intend to pay a ransom.

This approach aims to deter ransomware attacks by reducing the profitability of extortion and increasing the risk of law enforcement action against perpetrators.

Cybersecurity professionals and threat analysts have welcomed the initiative. Allan Liska, a renowned ransomware expert at Recorded Future, highlighted the practical implications of the proposal:

“This is a strong acknowledgment that ransomware gangs and their enablers are not invincible. Many of them can be caught and prosecuted — and that’s critical.”

A Broader Shift Toward Accountability

Other experts, such as Arda Büyükkaya, senior cyber threat intelligence analyst at EclecticIQ, noted that the formalization of these measures sends a strong signal to both defenders and attackers.

“While not all elements may be implemented exactly as proposed, this direction helps establish real consequences for cybercriminals and pushes for more accountability.”

This latest proposal follows a public consultation process that began earlier this year. While it is not yet law, the UK government’s formal response marks a step closer to potential legislation.

The Debate Over Banning Ransom Payments

However, the idea of banning ransomware payments remains controversial. Proponents argue that eliminating financial incentives is key to dismantling the business model behind ransomware. Critics warn that in some cases — particularly in healthcare or other mission-critical industries — paying a ransom may be the only way to restore operations and prevent serious harm.

Earlier this year, Australia introduced a law that requires ransomware victims to disclose whether they paid a ransom, although it stopped short of banning payments entirely.

As more countries consider similar measures, the cybersecurity community watches closely. One thing is clear: government involvement and proactive regulation are becoming central to the global fight against ransomware.

Source: https://techcrunch.com/2025/07/22/uk-government-wants-ransomware-victims-to-report-cyberattacks-so-it-can-disrupt-the-hackers/