Forty-eight governments pledge not to pay ransomware gangs

Forty-eight countries, including Canada and the U.S., have agreed their governments shouldn’t give in to ransomware demands.

The promise came Wednesday at the end of the third annual meeting in Washington of the International Counter Ransomware Initiative (CRI).

However, it isn’t clear what the declaration means. It doesn’t include a promise to forbid provincial, state, county, or municipal governments from paying to get access back to stolen or encrypted data. Nor does it include a promise to forbid businesses from paying.

“CRI members affirmed the importance of strong and aligned messaging discouraging paying ransomware demands and leading by example,” the group said in a statement.

CRI members also endorsed a statement that relevant institutions under their national government authority should not pay ransomware extortion demands.

CRI members also intend to implement the Financial Action Task Force Recommendation 15 on the regulation of virtual assets and related service providers, the statement says, which would help stem the illicit flow of funds and disrupt the ransomware payment ecosystem.

Meanwhile, organizations continue to be hit by ransomware. Among the latest is a shared services provider that supports a group of southwestern Ontario hospitals.

According to researchers at BlackFog, October was the third largest month for ransomware this year, with a total of 64 disclosed and 303 undisclosed attacks. Infosec teams looking for signs of compromise should note the report’s finding that 48 per cent of ransomware attacks involve the use of PowerShell.

This year, 13 new countries joined the CRI, a sign that its influence is spreading.

Much of the work it does to fight successful ransomware attacks — which seem to be on track to hit a record this year — is done behind closed doors. The group’s overall strategy is to co-operate in intelligence sharing, disrupting criminal networks and building resilience through sharing best practices. Its work includes research on cyber insurance, victim behavior, seizure and confiscation of virtual assets, and working together to curb the illicit money flow that ransomware actors rely upon.

Threat indicators are shared through several vehicles, including Lithuania’s Malware Information Sharing Platform (MISP), and Israel and the UAE’s Crystal Ball platforms. Australia will build and maintain a group website, which will include a forum for members to request assistance from initiative members.

The group is also working on a project to leverage artificial intelligence to counter ransomware. It has also created a shared blacklist of digital wallets used by ransomware gangs.

This year’s meeting focused on launching capabilities to disrupt attackers and the infrastructure they use to conduct their attacks, improving cybersecurity through sharing information, and fighting back against threat groups.

The United States provides the initiative’s secretariat; Australia is the lead of its task force; Singapore and the United Kingdom are the leads of a group creating policies; and Germany and Nigeria are the leads of the diplomacy and capacity building pillars.

The new members are Albania, Colombia, Costa Rica, Egypt, Greece, Jordan, Papua New Guinea, Portugal, Rwanda, Sierra Leone, Slovakia, Uruguay, and the Interpol police co-operative.

The pledge not to pay ransoms and other initiatives “are incredible and necessary steps in the right direction,” commented Joseph Thacker, researcher at AppOmni. “North Korea, as an example, has made billions of dollars off of ransomware. This money helps sustain their country. Money is the only incentive to hack most of the companies that get targeted. I believe that by removing the financial incentive, the attacks will drop dramatically.”

The post Forty-eight governments pledge not to pay ransomware gangs first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
