International Counter Ransomware Initiative: 40 countries pledge not to pay ransom
by Tina Siering
According to the latest BSI Situation Report 2023, the criminal business with ransomware is still one of the biggest threats to companies, organisations and public institutions. Ransomware is the term for malware that is capable of encrypting data and thus rendering it unusable. The blackmailers make unlocking the data dependent on ransom payments. From the US government's point of view, the "success" of ransomware is not least due to the willingness to pay the ransom demanded. The flow of ransom money is now to be dried up through an international alliance of numerous countries.
At the beginning of October 2023, the US government made an urgent appeal to the representatives of 45 nations. Governments should publicly commit to no longer paying ransom money to the blackmailers behind ransomware attacks. The appeal is to be understood in the run-up to the US-led "International Counter Ransomware Initiative (ICRI)", which will take place at the end of 2023 and in which the EU, a further 48 countries and Interpol are participating. The aim of the appeal was to obtain a commitment from as many countries as possible before the international meeting - or at least to create a basis for discussion. As of today, 40 of the participating countries are willing to join the US appeal, although it is not known exactly which countries are involved.
Ransomware thrives on ransom money
Of all countries, the USA is most frequently affected by ransomware cyberattacks - 46 percent of all attacks are directed against US companies and organisations. After one of the most consequential attacks in the summer of 2021 on Colonial Pipeline, the White House announced that it would use all available means to combat the blackmail attempts. Despite all efforts, however, it became clear that the cyber criminals were not deterred by the US government's initiative. Numerous serious attacks over the past two years have shown that the threat level remains high.
With a further announcement in spring 2023, the US government went on the offensive even more clearly. The plan: countries that harbour the masterminds behind ransomware should be isolated internationally. The infrastructure required for the blackmail attempts should be broken up and the defence mechanisms strengthened at the same time. The use of cryptocurrencies, which is closely linked to ransomware, will be monitored much more closely by the authorities.
The US government has a specific goal - namely to shift the areas of responsibility for defence measures against cybercrime. While responsibility currently lies with those affected - usually individuals, small companies or local governments - in future, defence is to be taken over by organisations that are truly capable of doing so. The White House announced in the spring that a much more strategic approach would be required.
From the US government's point of view, the willingness to pay the ransom demanded after a ransomware attack is the root of all evil. Because as long as money flows - and the blackmailers thus achieve the desired success - the criminal business model remains interesting. Anne Neuberger, the US Deputy National Security Advisor in the Biden administration, explained: "As long as money flows to ransomware criminals, this problem will continue to grow." The planned international alliance is intended to prevent the financing of cyber criminals as far as possible and make the use of ransomware as unattractive as possible.
Optimised international exchange of information in the fight against ransomware
According to the US government's plan, the alliance of numerous countries will in particular share information on malicious crypto wallets that are used for the anonymous transfer of ransom payments. Two new platforms, set up by Lithuania on the one hand and an alliance between Israel and the United Arab Emirates on the other, are intended to share information on ransomware attacks faster and more precisely. The hope behind the endeavours: Strengthened international cooperation on a partnership level will allow money flows to be more reliably attributed - or directly prevented.
Ideally, ransoms should no longer be paid at all. For this to succeed, however, it depends on the state authorities in the countries concerned. According to the US government's approach, as soon as payments are excluded by law, the cybercriminals' calculations would no longer work out. 40 participating countries at the ICRI - and no official result yet
At the launch of the International Counter Ransomware Initiative (ICRI) 2023, 40 participating countries pledged to join the alliance and refuse to pay ransoms in future. It is not yet known exactly which countries are involved. What has also not yet been made public: what is lip service - and which countries will actually implement the USA's demands in the end? One challenge here is certainly the partial surrender of national sovereignty in favour of improved international cooperation. In particular, countries that do not have a close relationship with the USA are likely to have a stomach ache at the thought of intensified data exchange.
Conclusion: A correct approach with difficult implementation
In principle, the US approach is the right one. Ransomware thrives on ransom money and if this is no longer paid, the blackmailers behind the malware simply lack the motivation to continue their attacks. We at Allgeier secion also strongly advise that, in the event of data encryption, a strategic and planned approach should be taken - and under no circumstances should the demanded sums be paid. Because even if money is paid, it is by no means certain that the encrypted data will be released by the cybercriminals. On the contrary, the attackers get exactly what they want - and are almost encouraged to repeat the attacks.
The US government's desire to have as many countries as possible directly prevent ransom payments is therefore understandable. However, it is also clear that cooperation on the "international stage" is anything but easy. We remain cautiously optimistic that the plan of an international alliance led by the US government will work.