
The UK faces a “very significant” volume of cyber attacks every year, the security minister has warned as new laws aim to deter hackers from “extorting” businesses amid a spate of recent incidents.
Dan Jarvis said new measures send a signal to cyber criminals that ransom demands will not be tolerated.
Proposals from the Home Office would ban public sector bodies and operators of critical national infrastructure from paying hackers.
The proposals would also mean private sector companies not covered by the ban would be required to notify the Government if they intended to pay a ransom.
“The UK is not alone in this regard, along with our international allies, we are subjected to a very significant number of cyber attacks every year,” Mr Jarvis told the PA news agency.
“But from a UK Government perspective we are crystal clear that these attacks are completely unacceptable.
“There’s more that we need to do to guard against them and that’s why we’re introducing these measures.”
Mr Jarvis said the measures mean cyber criminals will be “less incentivised” to target UK institutions because of the clarity the ban on ransom payments brings.
“We think these proposals will provide a powerful deterrent, and what we’re wanting to do is break the business model of the cyber criminals who think that they can get away with extorting money from UK-based institutions,” he told PA.
He stressed the Government would ensure “cyber criminals, whether they’re in Russia or wherever they might be, face the full weight of the UK law”.
Ransomware refers to software used by cyber criminals to access the computer systems of their victims, which can then be encrypted, or their data stolen, until a ransom is paid.
It comes after four young people were arrested for their suspected involvement in damaging cyber attacks against Marks & Spencer, the Co-op and Harrods in recent months.
Microsoft also said on Tuesday night that Chinese hackers had breached its SharePoint document software servers in a bid to target major corporations and government agencies.
Furthermore, under the proposals, a mandatory reporting regime would mean companies and institutions that are targeted by ransomware attacks are required to report them.
Mr Jarvis said the Government was going to “look very carefully at the precise details” of the regime but that it would provide more clarity and intelligence to government agencies.
M&S chairman Archie Norman told MPs earlier this month that UK businesses should be legally required to report major cyber attacks as he claimed two recent hacks involving “large British companies” had gone unreported.
Mr Norman said the retailer believed an Asia-based ransomware operation, DragonForce, had been involved in the attack – but refused to say whether or not a ransom was paid.