Back in January 2025 the UK government took an important step towards dismantling the ransomware economy by proposing a ban on ransom payments across the public sector. Under this legislation, which is now moving forward following a public consultation, institutions like the NHS, schools and local councils will no longer be permitted to pay out ransoms. Private companies, while not completely banned, will be required to report any payments and seek official guidance.
This is a landmark move, and one with the potential to have a significant impact on this highly organised form of cyber crime.
Having served in military intelligence, disrupting the finances of terrorist groups, I’ve seen how cutting off money can do more damage than direct confrontation. Remove the funding and you reduce their operational reach. No money, no weapons. No money, fewer recruits.
The same strategic logic applies to ransomware. Ransomware actors rely on predictable payouts to sustain their attacks, grow their networks and recruit talent. The return on investment, weighed against the risk of possible imprisonment, makes it worth it to them.
Criminal groups aren’t just extorting; they are also reinvesting. Ransom proceeds fund future campaigns, empower illicit marketplaces, embolden regimes and destabilise geopolitics. That’s why I support this ban: not just out of ideology, but from my experience dismantling adversarial ecosystems.
Starve the machine and its gears grind to a halt.
There’s also precedent. Jurisdictions with tighter ransom controls see fewer attacks. When payments aren’t possible, threat actors pivot. The UK-led takedown of the LockBit group wasn’t just a technical win; it was also psychological, carried out using their own infrastructure. It shattered morale, sowed confusion and, most importantly, ended the financial reward.
But a payment ban can’t operate in isolation. We must go further, into the infrastructure that sustains cyber crime. Crypto exchanges must adopt the same reporting obligations as traditional banks. Illicit platforms that support money laundering should face sanctions and global scrutiny. We’ve allowed too many actors to operate in the shadows for too long.
Critics also warn of unintended consequences: attackers shifting their focus to private individuals, the use of covert payment channels, and collateral damage to essential services. These risks are real. However, they are manageable through a unified response. Government departments, ISPs, law enforcement, domain registrars and tech platforms must all work in collaboration to close the loopholes.
To effectively curb the impact of ransomware, the UK government’s new policy must be underpinned by a multi-layered strategy. This should include sustained investment in proactive law enforcement operations to disrupt criminal networks; reinforced cyber security obligations for digital infrastructure providers; comprehensive regulation of cryptocurrency markets to prevent money laundering and anonymous transactions; widespread human-centric cyber security education for frontline staff to reduce susceptibility to attacks; and robust, real-time intelligence sharing between public and private sectors to detect and respond swiftly to emerging threats. Together, these measures will help form a resilient framework to dismantle the ransomware economy.
They must also ensure that funds and support are available for the entities coming under the ban, so that they can put robust backup and restoration solutions in place.
The battlefield may have changed, but the principles are the same. In my military career, the lesson was simple: disrupt the flow of money and the enemy weakens. In cyber security, it’s the same. With this ban, the UK has fired a strategic shot at the heart of ransomware, and this deserves the industry’s support.