The International Counter Ransomware Initiative (CRI) has made an important statement declaring that member governments should not pay ransoms demanded by cybercriminal groups. The agreement was announced during the third CRI summit in Washington, D.C this week.
The members of CRI, including countries like Australia, Canada, the UK, the US, and India, as well as the European Union (EU) and INTERPOL, have unanimously agreed on the importance of strong and consistent messaging to discourage paying ransomware demands. They have pledged to lead by example and endorse a statement urging relevant institutions not to pay ransomware extortion demands. In addition to this, the members have also agreed to create a shared blacklist of wallets. The US Department of the Treasury has committed to sharing data on illicit wallets used by ransomware actors.
The debate surrounding the payment of ransoms in the aftermath of a ransomware attack is a contentious one. On one hand, paying a ransom can be seen as funding malicious activity with no guarantee that the stolen or encrypted data will be returned to the victims. On the other hand, some argue that paying the ransom may be the only viable option for victims to regain access to their information and systems in order to maintain operations.
Last year, the UK’s National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) jointly issued a letter to the Law Society, urging lawyers to advise their clients against paying cybercrime ransoms. This came in response to a rise in ransomware payments made by businesses. Both the NCSC and ICO emphasized that paying a ransom does not ensure the safety of the data and should not be viewed as mitigation.
During the third CRI gathering, the members reaffirmed their commitment to building collective resilience to ransomware. They have agreed to cooperate in order to undermine the viability of ransomware, pursue the actors responsible, counter the illicit finance that supports the ransomware ecosystem, and work with the private sector to defend against ransomware attacks. The members will also continue to cooperate internationally in all aspects of the ransomware threat.
According to a statement from the White House, the CRI members will work towards achieving a comprehensive understanding of the ransomware threat by sharing information and exchanging knowledge through virtual seminars and labs. There are plans to create and share resources to enhance national counter-ransomware capabilities. They will also develop practical tools for governments to prevent, respond to, and recover from ransomware attacks.
The joint policy statement from the CRI and the commitment to building collective resilience to ransomware demonstrate a united front against cybercriminals. By discouraging the payment of ransomware demands and working together to address the ransomware threat, member governments are taking critical steps to protect their nations and their citizens from the devastating effects of ransomware attacks. The collaboration between governments, international organizations, and the private sector is crucial in combating the ever-evolving threat landscape of cybercrime.