An alliance of more than 40 nations led by the US has vowed never to pay ransom to hackers following cyber breaches, in an effort to cut off funding for cyber criminal organisations and starve them out.
During the third annual meeting of the International Counter Ransomware Initiative, a US-led global campaign to develop the cooperative resilience of member nations and thwart the efforts of malicious hackers, member nations announced their commitment not to pay ransoms to hackers.
“This was a really big lift, and we’re still in the final throes of getting every last member to sign, but we’re pretty much there,” a senior administration official told media.
White House deputy national security adviser for cyber and emerging technology Anne Neuberger said the issue of ransomware threats transcends geographical boundaries, and as a result, nations need to work together to combat it before it grows.
“Ransomware is an issue that knows no borders,” said Neuberger.
“And as long as there’s money flowing to ransomware criminals … the problem will continue to grow.”
The new pledge follows a growth in ransomware attacks worldwide, with the US getting hit the hardest. According to Neuberger, 46 per cent of all ransomware attacks for the period targeted organisations and agencies in the US.
Furthermore, according to a report conducted last month by the NCC Group, September 2023 holds the new record for the highest number of ransomware attacks ever, reaching 514, a 153 per cent increase year on year.
The pledge is believed to only apply to ransomware attacks targeting government agencies and will not outright ban ransomware payments, a move that has been proposed previously.
On the one hand, paying a ransom can seem an easy way out of a data breach, with hackers promising to delete and decrypt stolen data, but it paints a target on a business's head, as threat actors know it is a target that will pay in the event of a breach.
On the other hand, banning ransomware payments could also have dire consequences, particularly in the critical infrastructure and healthcare industries, where not having a quick out could lead to a life-or-death situation.
Banning ransomware payments is also expected to disproportionately affect smaller businesses, which are ultimately the primary victims of attacks.
“Such a law presupposes that all organisations are able to recover without paying a ransom, which is simply not a realistic assumption at this stage of Australia’s cyber security maturity,” said a blog post by Australian law firm Lander & Rogers.
The agreement to stop paying ransom was just one of three main themes the International Counter Ransomware Committee focused on at its 2023 meeting.
Other focuses included the introduction of new “launching capabilities”, which Neuberger said involved “a project to leverage artificial intelligence to analyse the blockchain to help identify illicit fund flows that are funding ransomware”.
Additionally, committee members will increase their abilities to share information, allowing for more efficient sharing of threat indicators. This will be done via two dedicated platforms.
As a member of the International Counter Ransomware Committee, Australia plays a key role in fighting against ransomware groups.
Last year, Minister for Home Affairs and Cyber Security Clare O’Neil announced that Australia would lead an International Counter Ransomware Task Force, which will work with global agencies to “hack the hackers”.