Global Government Coalition Launching New Ransomware EffortsInternational Counter Ransomware Initiative Announces First Joint Policy Statement.
A U.S.-led global coalition against ransomware endorsed a joint policy statement declaring that member governments should not pay ransoms.
The International Counter Ransomware Initiative, now entering its third year, includes 48 countries and representatives from the European Union and Interpol. The Biden administration convened its third meeting of the initiative just as security researchers warn that the volume of known ransomware attacks has surged to record-breaking levels (see: Known Ransomware Attack Volume Breaks Monthly Record, Again).
White House officials in the past have said the international confab is making progress against ransomware, even as they acknowledged challenges. "We're seeing the pace and the sophistication of the ransomware attacks increasing faster than our resilience and disruption efforts," a White House official told reporters this time last year.
The U.S. government has long advised victims not to pay extortion and has complicated payment by slapping sanctions on ransomware actors and groups. It stops short of criminalizing of ransom payments. A senior FBI official told a Senate panel in 2021 that outlawing payments would just create another opportunity for hackers to extort victims.
This year's joint statement commits participants to "strong and aligned messaging discouraging paying ransomware demands and leading by example." A first-ever initiative policy statement declares that member governments should not pay ransoms.
Reports indicate ransomware attacks targeting government institutions are on the rise. One study published by the AI-based cybersecurity firm CloudSek shows a 95% surge in attacks targeting the government sector last year. White House officials told the meeting attendees this week that the rise in ransomware attacks has continued throughout the first half of 2023, and recent attacks have targeted health care systems, major private sector organizations and academic institutions.
Initiative members agreed to assist any members with incident response in the event that their government or critical sectors are hit with ransomware attacks. The U.S. Department of Treasury will spearhead a shared blacklist of cryptocurrency wallets used to receive extortion payments.
The White House instigated establishment of the initiative in 2021, with participation from 30 countries. Deputy National Security Advisor Anne Neuberger said at the time that "more robust and real-time communication across governments" was required to combat the rise in ransomware attacks from criminals, who typically repeat their tactics and techniques across borders.
The initiative includes India, Israel, Japan and the United Kingdom. Thirteen new members - including Costa Rica, Egypt, Jordan and Interpol - joined the initiative in 2023. The group said it was developing mentorship and tactical training programs for new members, tasking Israel with mentoring Jordan, and launching information-sharing platforms that will enable members to rapidly share information about ransomware threats.