A US-led initiative moves the ransomware payment ban agreement closer

    Top White House officials are working to secure an agreement between almost 50 countries to not pay ransom demands to cybercriminals as the international Counter Ransomware Initiative (CRI) summit gets underway in Washington DC Tuesday.

    "This was a really big lift, and we're still in the final throes of getting every last member to sign, but we're pretty much there," according to a senior administration official.

    The no-ransom-payments pledge is expected to be one of the major success stories coming out of the US-led conference, now in its third year, that has grown to include 48 member governments from around the world.

    Those members include the UK, Australia, Canada, the European Union, Japan, Singapore, India, and Israel, as well as America, but not China, North Korea, or Russia.

    This year's summit will "focus on three main themes," Anne Neuberger, US deputy national security adviser for cyber and emerging technologies, told reporters during a briefing earlier.

    First up: what Neuberger called "launching capabilities." This includes "a project to leverage artificial intelligence to analyze the blockchain to help identify illicit fund flows that are funding ransomware," she explained. Essentially, keeping better track of cryptocurrency ransom payments so that extortionists can be tracked, identified, and snared.

    Second, member governments will also increase their information-sharing capabilities via two dedicated platforms that let countries rapidly exchange threat indicators following ransomware infections. 

    Lithuania will develop one such center, and a joint program between Israel and the United Arab Emirates will build the other, with the goal being for all CRI countries to share at least one piece of threat intelligence per week.

    The third focus area, "fighting back," according to Neuberger, will include the "first-ever joint Counter Ransomware Initiative policy statement declaring that member governments will not pay ransoms." Under that pact, governments and their agencies and departments won't cough up ransoms; this doesn't seem to apply to private businesses.

    Additionally, the US Treasury will share a "blacklist" of crypto-coin wallets being used to move ransom payments, Neuberger said. Member countries will also "pledge to assist any Counter Ransomware Initiative member with incident response if their government or lifeline sectors are hit with a ransomware attack," she added.

    Of all 48 member countries, America holds the dubious honor of being the most-targeted country, with 46 percent of all global attacks hitting US organizations and individuals, Neuberger noted. "And as long as there's money flowing through ransomware criminals, this is a problem that will continue to grow," she said.

    Mandiant's chief technology officer Charles Carmakal, who attended the CRI summit on Tuesday, told The Register that banning ransom payments is "one of many steps that need to be taken to curb the multifaceted extortion problem." But, he added, there are some things that need to happen first.

    "Governments and law enforcement need to continue to bring threat actors to justice — either through arrests or public indictments," Carmakal said.

    So far this year, international cops have taken over RagnarLocker's leak site and arrested a "key target" in that ransomware crew's operation. Another FBI-led effort shut down Hive's ransomware network, while also distributing 1,000 decryption keys to victims. 

    And a third joint operation between CRI countries dismantled Qakbot, aka QBot, a notorious botnet and malware loader responsible for ransomware losses totaling hundreds of millions of dollars worldwide.

    Carmakal wants to see more of these types of actions, and said law enforcement should "take more aggressive actions" to disrupt these criminals and their infrastructure.

    The private sector has a role to play as well, commented Carmakal, and both "public and private sector can do more to notify victims when evidence of compromise is identified," he added.

    And finally, if the CRI countries do agree on a ransom-payment ban for member governments, then "governments and the private sector must work together to ensure victim organizations aren't completely left to fend for themselves when trying to get operations back online after a ransomware incident," Carmakal said.

    "Eliminating the option for victims to pay could be difficult for those organizations that aren't as cyber mature or ready as others." ®


    Article information

    Author: Jason Mccormick

    Last Updated: 1700033041
