Ransomware poses a major threat to the UK. Paying ransoms to the criminal groups responsible for these attacks sustains the threat and does not ensure that victims will regain access to their data.
The UK government strongly advises against making ransomware payments.
The National Cyber Security Centre (NCSC) provides guidance on cyber resilience measures that greatly reduce the risk and impact of a ransomware attack.
The UK government has taken and will continue to take decisive action against ransomware perpetrators, including the implementation of financial sanctions. Financial sanctions prevent funds or economic resources from being made available to individuals or entities subject to asset freezes, including through ransomware payments. Violating these sanctions is a serious criminal offence and can result in imprisonment and/or a fine.
The Office of Financial Sanctions Implementation (OFSI) evaluates all breaches of financial sanctions on a case-by-case basis. OFSI considers various factors that could either aggravate or mitigate the situation when determining the seriousness of a case.
If the mitigating measures outlined in this guidance are followed, the OFSI and the National Crime Agency (NCA) are more likely to address a breach involving a ransomware payment through alternatives to monetary penalties or criminal investigations.
Here the full guidance here.
By FCCT Editorial Team