The ransomware payment debate: what it means for organizations
Ransomware is on the rise, but should you pay the ransom?
Ransomware is on the rise, and with it comes the renewed debate around ransomware payments.
Hackers are increasingly using ransomware as an attack strategy, seeking hefty payouts from organizations trying to keep the data of their customers and staff safe.
Research showed a 126% rise in ransomware attacks in Q1 of 2025 compared to the previous quarter - an uptick that can’t be ignored.
In response to this spike, the UK government has outlined plans to ban ransomware payments, aiming to put an end to organizations sending large sums of money to attackers in an attempt to get their data back and avoid a public scandal.
CEO and Co-Founder of CyberSmart.
The current UK proposal would see a ban on ransomware payments for public sector and Critical National Infrastructure (CNI) organizations, but there are already hopes that this ban will extend to all organizations in the UK.
If such a ban becomes universal, organizations will need to navigate a landscape where payment is no longer an option, forcing a shift in focus toward resilience, incident response planning, and rapid recovery strategies.
The question is: are ransomware payment bans a smart idea? And, if the ban is approved, how can organizations keep themselves safe without relying on a ransom ‘kitty’?
The Ongoing Debate
For better or worse, a ransom payment is perceived to give organizations a ‘get out of jail free’ card. It is seen as a ‘guaranteed’ method of recouping their lost/stolen data, without necessarily having to go through the proper channels of disclosure and reporting.
The problem is, when negotiating with criminals, there are no ‘guarantees’. Paying a ransom - succumbing to a ransomware attacker’s demands - feeds into a wider ecosystem of cybercriminal activity, which, in turn, helps online criminality thrive.
Yet, organizations are still doing it. Recent research shows that, in 2025, 41% of organizations have paid a ransom (it’s important to note that among those who paid, only 67% successfully regained full access to their data).
Statistics like this suggest that organizations are willing to invest real money into ransom payments. These funds could be better spent proactively preparing for and preventing ransomware attacks with strong cyber infrastructure.
The Pros and Cons of Ransomware Payments
There is no right or wrong outlook on the proposed ban, but there are several pros and cons for organizations. A ban on ransomware payments means that organizations no longer have to negotiate or communicate with criminals (who are notoriously unreliable).
There is no guarantee that a cybercriminal will actually return your data once the payment has been made, and this is a risk organizations accept every time they pay a ransom fee. A ban stops this risk completely.
There is also a stigma around organizations admitting that they have suffered a ransomware attack and often they will accept an attacker's demands to avoid reputational damage.
This not only means that organizations are making underhand deals, but it also means that attackers often operate without the authorities ever knowing a crime was committed.
However, a ban on ransomware payments means that organizations will almost always have to report ransomware attacks, which can then be investigated in the proper way.
Ultimately, if organizations are unable to pay ransom demands, then it is hoped and expected that ransomware attacks will become a thing of the past as cybercriminals will see no financial gain to be made.
It may seem like an optimistic goal from the UK government, but this ban seems like the only way to feasibly stop all ransomware attacks in the future.
On the other hand, ransomware attacks will likely continue to occur, especially in the near future. Taking away an organization's ability to pay attackers removes one of the few realistic ways of recovering its highly sensitive data - and that is the crucial issue.
This data often contains customer information, and organizations need a viable way of retrieving it, even if that does mean negotiating with criminals.
What Does This Mean for Organizations?
There are several steps organizations could, and should, take to keep themselves safe if ransomware payments are banned by the UK government. The key for organizations is to invest into their cyber resilience to protect themselves from ransomware attacks.
For SMEs, which sometimes lack an in-house security team or cyber knowledge, the easiest method for improving cyber resilience is to use a Managed Service Provider (MSP).
An MSP takes care of an organization's IT and cybersecurity infrastructure so business leaders can focus on important areas like innovation and growth. According to recent research, more SMEs than ever (over 80%) are relying on MSPs for help with their cybersecurity.
It is also important to conduct regular security awareness training to ensure employees understand the tell-tale signs of an attack and minimize the risk of mistakes that often lead to ransomware infections.
Additionally, implementing (and testing) a comprehensive response plan for the event of an attack is vital. This step is often overlooked by organizations, yet it is essential for damage limitation.
Next Steps For Organizations
With a potential ransomware payment ban for UK organizations on the horizon, organizations cannot afford to be unprepared. The best defense is to strengthen cyber resilience now.
This could include utilizing the services of MSPs, investing in security tools and/or building out a comprehensive incident response plan.
Taking proactive steps should reduce the likelihood of attacks and ensure business continuity if one does occur.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
