US, dozens of allies pledge not to pay ransomware hackers

The U.S. and dozens of other countries have pledged not to pay hackers after ransomware attacks.

The commitment was reportedly made today at an annual meeting of the International Counter-Ransomware Initiative, a coalition focused on tackling cybercrime. The coalition includes the U.S. and about 40 other countries, as well as the European Union and Interpol. This week’s meeting is the third officials have held since the effort launched in 2021. 

According to Bleeping Computer, some of the countries that participate in the International Counter-Ransomware Initiative haven’t yet signed the pledge to avoid paying ransomware demands. It’s believed that the commitment will only apply to cyberattacks that target government networks. TechCrunch reported that the commitment “stops short of banning” companies from making ransom payments. 

Some companies opt to pay hackers in the hopes that it will expedite the recovery of their compromised systems or encrypted data. According to blockchain data provider Chainalysis Inc., organizations paid $449 million to hackers in the six months through June 30. The firm estimates 2023 is on track to become the second most profitable year for ransomware campaign operators after 2021, when such cyberattacks raked in an estimated $766 million.

“As long as there is money flowing to ransomware criminals, this is a problem that will continue to grow,” Anne Neuberger, U.S. deputy national security adviser for cyber and emerging technology, told reporters on Monday.

As part of their efforts to thwart cybercriminals, members of the International Counter-Ransomware Initiative plan to share information about hacking campaigns more closely. Participants will reportedly create two “information sharing platforms” to support the initiative. One platform will be operated by Lithuania, while the other is set to be run by Israel and the UAE.

The U.S. Treasury Department is expected to play a central role in the initiative. According to Reuters, the department will maintain a list of cryptocurrency wallets used by hackers to move illicit funds linked to ransomware campaigns. The countries that participate in the initiative can contribute information about new wallets they discover.

The officials tasked with tracking ransomware-related fund movements will use artificial intelligence to support their work. The plan, Neuberger said, is to analyze blockchain logs automatically for signs of illicit cryptocurrency movements. Blockchains, particularly those that underpin the most popular cryptocurrency, make all user transactions publicly accessible.

Neuberger also issued a call for companies to avoid paying ransomware demands and prioritize their internal cybersecurity efforts instead. “Paying a ransom not only encourages ongoing ransomware attacks, it also is not necessarily the fastest way to recover,” she said. “Do those backups and do the basic cybersecurity practices that we know make a difference.”

Data protection providers have adapted their feature sets in response to the growing threat posed by ransomware. Many backup products now offer the ability to create so-called immutable snapshots, which are backups that can’t be modified or deleted. This ensures that organizations can recover their information even if hackers gain access to their backup environments.

Image: Unsplash