Governments will pledge to not pay ransomware gangs after attacks
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Sarah Grillo/Axios
A U.S.-led group of 48 countries is finalizing a pledge this week that their governments won't pay ransomware hackers if they're faced with an attack.
Driving the news: Anne Neuberger, deputy national security adviser for cyber and emerging tech, told reporters Monday that the pledge will come as part of this week's annual meeting of the Counter Ransomware Initiative (CRI).
- The European Union and Interpol will also sign the joint policy statement against paying ransoms, Neuberger said.
- The CRI member countries will launch a new project to leverage AI to analyze the blockchain to identify illicit funds tied to ransomware gangs, unveil the group's anticipated information-sharing program between members, and pledge to help any initiative member if they're hit with ransomware, she added.
Why it matters: Whether to pay ransomware hackers has been a major sticking point in the fight to disrupt and reduce the number of ransomware attacks around the world.
- This is one of the strongest signals from governments against paying hackers during an attack.
Catch up quick: The CRI was formed in 2021 as a tool to help establish norms on fighting and defending against ransomware.
- Last year, the group also pledged to not harbor ransomware criminals within their borders and started work on the information-sharing program unveiled this week.
Threat level: This year's initiative meeting comes amid an uptick in ransomware attacks.
- The number of ransomware attacks in 2023 has already outpaced the total for 2022, according to a report from cyber insurer Resilience released this month.
- However, fewer companies appear to be paying ransoms, with Resilience saying only 15% of its ransomware victim clients paid in the first half of 2023, compared to roughly 21% last year.
The big picture: It's often difficult to enact an outright ban on companies or other organizations paying hackers a ransom when they're hit with ransomware.
- In some cases, paying hackers to decrypt their files and not leak stolen data can be cheaper than having to rebuild their networks or switch over to data backups.
- However, paying a ransom further motivates and enables criminal groups.
Yes, but: Most ransomware criminals are operating in countries like Russia, China, Iran and North Korea that aren't members of the CRI.
- Some of these countries are also believed to be supporting ransomware gangs in some capacity.
Editor's note: This story has been corrected to note that Reliance's reported rate for ransomware victims paying in 2022 was roughly 21%, not nearly 40%.
