The members of the International Counter Ransomware Initiative (CRI) have agreement a joint policy statement declaring that member governments should not pay ransoms demanded by cybercriminal groups. The agreement was announced during the third CRI summit in Washington, D.C this week.
CRI members affirmed the importance of strong and aligned messaging discouraging paying ransomware demands and leading by example, endorsing a statement that relevant institutions should not pay ransomware extortion demands. Members also agreed to the creation of a shared blacklist of wallets through the US Department of the Treasury’s pledge to share data on illicit wallets used by ransomware actors. The 50 members of the CRI include Australia, Canada, the UK, the US, and India as well as the European Union (EU) and INTERPOL.
The debate around whether it is ever right to pay ransoms in the wake of a ransomware attack in a contentious one. On the one hand, it can be seen as funding malicious activity without any guarantee than payments will see stolen or encrypted data returned to victims. On the other, it may be considered a victim’s only feasible option to maintain operations by regaining access to information and systems.
Last year, the UK’s National Cyber Security Centre (NCSC) and data protection regulator the Information Commissioner’s Office (ICO) issued a joint letter to the Law Society urging lawyers to warn their clients against paying cybercrime ransoms. The guidance followed a rise in ransomware payments being made by businesses and emphasized the stance of both the NCSC and ICO that payment of a ransom will not keep data safe or be viewed as mitigation.
CRI members commit to building collective resilience to ransomware
During the third CRI gathering, members reaffirmed a joint commitment to building a collective resilience to ransomware, cooperating to undercut the viability of ransomware and pursuing the actors responsible, countering illicit finance that underpins the ransomware ecosystem, working with the private sector to defend against ransomware attacks, and continuing to cooperate internationally across all elements of the ransomware threat, read a White House statement.
Members will work toward attaining a comprehensive understanding of the ransomware threat by sharing information and exchanging knowledge through virtual seminars and labs, with plans to create and share resources to build national counter-ransomware capacity, working to develop practical tools for governments to prevent, respond to, and recover from ransomware attacks, it added.
The ICR Task Force – established at least year’s meeting – will also continue to support transnational operations conducted by its members and collaborate with industry to target disruptive activities at key components of ransomware ecosystem, in recognition that ransomware is a cross-border and cross-sectoral threat that necessitates close collaboration across governments and sectors to be effectively combatted, the statement continued.