The UK government wants to require ransomware victims to report when they have been breached, with the goal of providing law enforcement with information that will help them target those responsible.
On Tuesday, the Home Office announced a proposal aimed at changing the UK government's strategy to counter ransomware. Among the three key proposals are reporting requirements, which would help authorities identify and disrupt hacking operations.
“Mandatory reports are also being developed, which will drive law enforcement to corner perpetrators, disrupt activities and allow better support for victims,” the proposal read.
In its proposal, the UK government said mandatory reporting requirements would allow the government to “be involved in targeted disruptions in evolving threat situations.”
The two other key proposals are a ban on ransomware payments by public sector and critical infrastructure organizations, and a mandate for other types of victim organizations to inform the government if they intend to pay a hacker's ransom.
Ransomware investigators praised the proposals, particularly their focus on supporting law enforcement.
“I think it's an implicit approval of something we've known for a while. Ransomware operators and their enablers are not limited to Russia, and many of the people involved are very catchy and, more importantly, prosecutable.” “I think that's very important.”
Arda Büyükkaya, senior cyber threat intelligence analyst at EclecticIQ, praised the proposal to “make things formal.”
“It's unclear whether everything will unfold as written, but we can see it through future developments,” Büyükkaya told TechCrunch. “Overall, prohibiting ransom payments and actively pursuing perpetrators is a strong deterrent and helps to impose real costs on threat actors.”
Tuesday's announcement is the latest step in the policy consultation process that began in January, when the Home Office first introduced the three key policy changes. The UK government's formal response to the consultation is another step towards amending the law, but it is still unclear whether the proposals will become law.
Prohibiting ransomware payments is a controversial idea. For some, prohibiting payments to hackers is an obvious way to stop criminal gangs from launching cyberattacks and extorting victims. But some argue that paying the ransom is sometimes the only viable option to restore a critical system and get back online.
Earlier this year, Australia enacted a law that would require ransomware victims to disclose if they pay hackers, and prohibit payments.