英国政府近日宣布将实施新的网络安全措施，禁止公共部门和关键国家基础设施组织向网络犯罪分子支付勒索软件赎金。此举旨在打击日益严峻的网络犯罪威胁，尤其是在英国国家医疗服务体系（NHS）、地方政府和学校等领域。政府调查显示，近四分之三的受访者支持此项提议。新规还将要求企业在支付赎金前通知政府，以便阻止向俄罗斯等国的受制裁犯罪团伙付款。此举标志着英国在应对勒索软件攻击方面采取了更强硬的立场，可能为国际社会提供新的解决方案。

🏴󠁧󠁢󠁥󠁮󠁧󠁿 英国政府将出台新规，禁止公共部门和关键基础设施组织向网络犯罪分子支付勒索软件赎金，以应对日益严峻的网络犯罪威胁。

🏥 新规将影响英国国家医疗服务体系（NHS）、地方政府和学校等公共机构，旨在从源头上切断网络犯罪分子的资金来源，保护关键服务不受干扰。

⚖️ 除了禁止支付赎金，新措施还要求企业在支付前向政府报备，以便政府追踪并阻止向受制裁的犯罪团伙付款，例如来自俄罗斯的团伙。

🇺🇸 与美国不同，美国虽然有报告勒索软件事件的法规，但目前只有北卡罗来纳州立法禁止向勒索软件团伙支付款项，且该法律仅适用于州政府和地方政府。英国的新规可能引领一种新的国际应对策略。

💡 英国此举是对“不与恐怖分子谈判”原则在网络安全领域的延伸，旨在通过拒绝支付赎金来削弱网络犯罪的经济动力，并追究犯罪分子的责任，例如Coinbase在一次客户数据泄露事件中拒绝支付赎金，转而悬赏追捕罪犯。

You've heard the phrase, "We don't negotiate with terrorists." Well, the UK government seems to have a similar approach in mind for dealing with cybercriminals.

Today, the British government announced it will introduce new cybersecurity measures to prohibit public sector and critical national infrastructure organizations from making ransomware payments to cybercriminals.

In ransomware attacks, cybercriminals steal data or take control of critical technology infrastructure, then demand ransom payments to restore access.

A blog post published today by the UK Home Office says the new ransomware rule will affect the country's National Health Service (NHS), local government councils, and schools. The UK government stated that almost three-quarters of people surveyed about the measure supported this proposal.

The new cybersecurity rules are designed to protect both public organizations and private businesses. According to Bleeping Computer, the measure will also require businesses to notify the government before making ransomware payments. This would allow the government to prevent payments to sanctioned cybercriminal gangs in countries like Russia.

Ransomware is a persistent cybersecurity threat, and the recent ransomware attack against cryptocurrency exchange Coinbase earned a spot in our guide to the biggest data breaches of the year. In the UK, cybercriminals also famously attacked the NHS, and more recently, the retail company Marks & Spencer.

In the Coinbase breach, hackers held hostage data from nearly 70,000 Coinbase customers and demanded $20 million to restore access to compromised customer support systems. Refusing to pay the ransom, Coinbase instead established a $20 million reward to bring the criminals responsible for the attack to justice and promised to cover financial losses to their users.

Companies in the United States face both federal and state regulations that require them to report ransomware incidents. However, according to the National Conference of State Legislatures, North Carolina is the only state with legislation that prohibits payments to ransomware groups. In addition, this law only applies to state agencies and local governments.

The new rules from the United Kingdom could be the start of a new approach to ransomware payments, an international problem for governments and businesses alike.