During the third annual meeting of the International Counter Ransomware Initiative (CRI), which took place this week, numerous governments from around the world have made a commitment to refusing to pay ransom demands issued by ransomware gangs in cyberattacks.
The CRI, established by the United States in 2021, is recognized as the largest cyber partnership globally and currently consists of 48 countries, along with the European Union and Interpol, according to TechCrunch. The United States deputy national security advisor, Anne Neuberger, has stated that the ultimate goal of this pledge is to counter the illicit finance that supports the ransomware ecosystem.
For years, both governments and cybersecurity experts have emphasized that paying ransoms not only incentivizes future attacks but also provides no guarantee that stolen data will be returned. It is important to note that this agreement does not impose a ban on companies making ransom payments since such a move could inadvertently empower ransomware groups for further extortion. However, it is expected to discourage such payments and promote increased awareness about the risks involved.
While not all members of the coalition have yet agreed to the pledge, Neuberger remains optimistic, stating that they are in the final stages of securing the participation of all members. The specific details and mechanisms of the pledge, including how member states will be held accountable and whether there will be penalties for giving in to ransomware attackers, have not been disclosed.
Furthermore, this year’s CRI meeting also highlighted the potential use of emerging technologies such as artificial intelligence (AI) and blockchain analysis to combat ransomware. Additionally, plans were discussed to share a list of blacklisted cryptocurrency wallets associated with ransomware operations, as reported by CyberScoop. Information-sharing capabilities among CRI members are also being strengthened, with Lithuania developing one dedicated platform and a joint effort from Israel and the United Arab Emirates creating another. These platforms will enable countries to swiftly exchange threat indicators following ransomware attacks.
Although the commitment to not paying ransoms has been met with approval from industry experts, the issue of ransom payments remains a gray area. Stephen Gates, Principal Security SME at Horizon3.ai, understands the motivation behind the agreement but believes it may underestimate the challenges faced by private-sector victims. Gates argues that organizations in sectors such as financial services, education, healthcare, manufacturing, retail, and gaming have often been compelled to pay ransoms to restore their operations and protect their livelihoods.
Gates suggests that organizations must shift their mindset and adopt a preemptive security approach. This involves identifying vulnerabilities to human-operated ransomware attacks and proactively addressing them using autonomous systems designed for this purpose. He also emphasizes the necessity of ongoing cybersecurity efforts and advises organizations to assume they have already been breached.
Doug Barbin, President and National Managing Principal of Schellman, similarly acknowledges the complexity of the issue. While he agrees that attackers should not profit from their actions, Barbin highlights the importance of considering the impact on employees and customers when choosing whether or not to pay the ransom. He asserts that organizations should collaborate with law enforcement to catch the criminals, remediate the ransom, and take down the stolen data.
As the fight against ransomware continues, the commitment from governments to not pay ransoms represents a crucial step towards undermining the profitability of ransomware attacks. However, the practical implementation of this pledge, as well as the consequences for non-compliance, are still to be determined. In the meantime, the exploration of emerging technologies and information-sharing initiatives within the CRI offers hope for more effective countermeasures against this growing cyber threat.