The British government plans to ban public sector organizations and critical infrastructure operators—including the energy, healthcare, and local government sectors—from paying ransoms to ransomware attackers.
The new rules, proposed on Tuesday following a public consultation, extend the ban that already applies to government departments.
They also introduce mandatory reporting requirements for companies not covered by the ban, requiring them to disclose ransom payments.
In addition, victims must submit an initial report within 72 hours of the attack and a detailed analysis within 28 days.
UK Security Minister Dan Jarvis said the government aims to "smash the cyber criminal business model" through stricter regulation and industry collaboration.