New plans to cut off ransomware gangs at source risk backfiring and triggering even more data leaks, cyber experts have warned, as hackers ramp up attacks on everything from NHS trusts to the tills at Marks & Spencer.
The Government today unveiled new measures aimed at breaking the business model behind ransomware crime, which costs the UK economy millions each year. But cybersecurity specialists say that while the crackdown is a step in the right direction, it could come with serious consequences if not handled with care.
Marijus Briedis, Chief Technology Officer at NordVPN, said: “This year has been one of the worst in history for ransomware attacks leveraged against the private sector. Some of the UK’s biggest companies, including Marks & Spencer and Co-Op, have seen cyber attacks cost them millions and forced them to publicly admit to customers that their personal data has been stolen.”
Briedis warned that groups like Scattered Spider have built an entire economy around extortion, and that refusing to play ball could lead to an increase in sensitive information being dumped online.
Ransomware crackdown welcomed
“We welcome today’s action to try and crack down on ransomware attackers by targeting their funding at the source. However, we shouldn’t be surprised if these efforts to call hackers’ bluff backfire,” he added. “The Government has acknowledged that ransomware ‘puts the public at risk’, but by not giving in to the demands of criminals, it does come with the caveat that we may see more data leaks.”
Julius Cerniauskas, CEO of web intelligence firm Oxylabs, also backed the Government’s plan to remove “economic incentive” from ransomware gangs, particularly when it comes to critical services like the NHS and local councils: “Mandatory reporting of ransom payments, even among private firms, is also a welcome development — this intelligence is crucial for law enforcement and for building a clearer national picture of threats,” he said.
But Cerniauskas warned that some public institutions could be left dangerously exposed if they are banned from paying ransoms without proper cyber resilience measures in place. He added: “Implementation will be key. Forcing public bodies to refuse payment without simultaneously ensuring they have the resources, resilience planning, and baseline cybersecurity measures in place could leave some institutions dangerously exposed in the short term.”
Hackers could hit easier targets
He also flagged the risk that attackers could pivot to easier targets: “There’s also a risk that cyber criminals shift their focus toward private companies less bound by the ban, potentially increasing the pressure on sectors that may lack the same level of preparedness.”
The comments come as the Government sets out new plans, including stricter reporting rules for ransomware payments and increased collaboration between law enforcement and industry. The goal: to dismantle the financial lifeline fuelling a surge in high-stakes attacks that have paralysed public services and shaken public trust.
Security Minister Dan Jarvis said: “Ransomware is a predatory crime that puts the public at risk, wrecks livelihoods and threatens the services we depend on. That’s why we’re determined to smash the cyber criminal business model and protect the services we all rely on.”
Independent Financial Adviser Samuel Mather-Holgate also backed the move, noting that Britain’s global status in AI and tech made this a critical moment for national security: “The NHS has been under attack, and so has the private sector, with Harrods, M&S and Co-op all falling foul of these cyber-criminals. Jarvis talks big on this, and the UK does have a prized position in tech and AI. The devil is in the detail though, and cross-border cooperation will be needed if their plans are to work.”
