Governments across the globe test varied methods to reduce cybercrime, yet outlawing ransomware payouts stands out as especially controversial. A move toward limiting such payments gains traction in the United Kingdom, suggests Jen Ellis, an expert immersed in shaping national responses to ransomware threats.
Banning ransom payments might come soon in Britain, according to Ellis, who shares leadership of the Ransomware Task Force at the Institute for Security and Technology. While she expects this step, she warns against seeing it as a fix-all move. From her point of view, curbing victim payouts does little to reduce how often hackers strike – since offenders operate beyond such rules. Still, paying ransoms brings moral weight: those funds flow into networks built on digital crime. Though impact may be narrow, letting money change hands rewards illegal behavior.
Now comes the part where Ellis anticipates UK authorities will boost their overall cybersecurity setup before touching payment rules. Lately, an upgraded Cyber Action Plan has emerged – this one reshapes goals meant to sharpen how the country prepares for and reacts to digital threats. Out in the open now, this document hints at a fresh push to overhaul national defenses online.
A key new law now moving forward is the Cyber Security and Resilience Bill, having just reached its second parliamentary debate stage. Should it become law, stricter rules on disclosing breaches will apply, while monitoring weak points in supplier networks becomes compulsory for many businesses outside government. With these steps, clearer insight into digital threats emerges – alongside fewer large-scale dangers tied to external vendors. Though details remain under review, accountability shifts noticeably toward proactive defense.
After advances in these efforts, according to Ellis, officials might consider limiting ransomware payments. Though unclear when or how broadly such limits would take effect, she anticipates they would not apply uniformly. It remains undecided if constraints would affect solely major entities, focus on particular sectors, or permit exceptions based on set conditions. Whether groups allowed to make payments must first gain authorization – especially to align with sanction rules – is also unsettled.
In talking with the Information Security Media Group lately, Ellis touched on shifts in how ransomware groups operate. Not every group follows the same pattern – some now avoid extreme disruption, though outfits like Scattered Spider still stand out by acting boldly and unpredictably. Payment restrictions came up too, since they might reshape what both hackers and targeted organizations expect from these incidents.
Working alongside security chiefs and tech firms, Ellis leads NextJenSecurity to deepen insight into digital threats. Her involvement extends beyond the private sector – advising UK government units like the Cabinet Office’s cyber panel. Institutions ranging from the Royal United Services Institute to the CVE Program include her in key functions. Engagement with policy experts and advocacy groups forms part of her broader effort to reshape how online risks are understood.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: