Millions of pounds of taxpayers’ money has been handed to cyber criminals in recent years, Britain’s security minister said as he unveiled proposals to combat ransomware attacks. Dan Jarvis also suggested hostile actors could have extorted thousands more from organisations like the NHS without the Government knowing because there is no mandatory reporting regime.
The Home Office on Tuesday launched a consultation on how to crack down on ransomware, with plans to ban all public sector bodies from making payments under consideration. Proposals also include a mandatory reporting regime and payment prevention system, designed to increase the National Crime Agency’s awareness of live attacks and block payments to known criminal groups and sanctioned entities.
Speaking to broadcasters on Tuesday’s morning media round, Mr Jarvis said cyber criminals based in countries like Russia are “quite literally holding our country to ransom” and warned the problem was “extensive.”. Asked how much public bodies had paid out in recent years, Mr Jarvis said “significant” sums had been handed over, telling Times Radio: “Millions of pounds have been paid.
“It’s a huge problem internationally.”. On how much the NHS had given, Mr Jarvis said: “The truth of the matter is we don’t know the precise figures, because there isn’t a mandatory reporting regime.”. Asked whether that meant that a trust could have paid out thousands of pounds to criminals to get its computers back without the Government knowing about it, he said: “In theory, that is the case, and that’s why we’re looking to change the law to bring in a mandatory reporting regime so we’ve got much more visibility of these kind of activities.
