40 Countries Pledge to Never Pay Ransomware Gangs
Forty countries have committed to sign a pledge never to pay money to digital extortionists such as ransomware gangs. In an October 31, 2023, press briefing ahead of the third annual International Counter Ransomware Initiative (CRI) in Washington, D.C., Anne Neuberger, the White House Deputy National Security Adviser for Cyber and Emerging Technology, confirmed the ongoing international efforts to combat the ransomware threat by eliminating the main source of funding for ransomware gangs.
According to the U.S. government, economic losses to ransomware attacks reached $20 billion in 2021, and annual losses are expected to increase to $71.5 billion by 2026; 46% of all ransomware attacks are conducted on organizations in the United States. As the HHS’ Office for Civil Rights (OCR) recently announced, the healthcare industry has seen a 278% increase in ransomware attacks in the past 4 years. A recent study by Comparitech determined that there had been 539 ransomware attacks on healthcare organizations since 2016, including at least 66 attacks so far in 2023. Since 2016, Comparitech estimated these attacks have cost healthcare organizations more than $77.5 billion.
Ransomware and cyber extortion groups are based in safe havens and conduct attacks on organizations in other countries. These cyber threat actors are paid millions in cryptocurrencies in response to their criminal activities. While the Biden-Harris Administration has made concerted efforts to fight the scourge of ransomware, the U.S. alone cannot combat a threat that knows no borders. Combatting the ransomware threat requires cooperation on a global scale. Several initiatives will be discussed at the CRI summit, but the single most important step is to stop financing ransomware gangs through ransom payments. “As long as there is money flowing to ransomware criminals, this is a problem that will continue to grow,” said Neuberger.
Forty of the 48 countries attending the CRI summit have already agreed to pledge not to pay ransoms, and the U.S. is working on getting a commitment from the remaining countries to do likewise. What has yet to be established is how this pledge will work in practice, as many victims of ransomware attacks are unable to recover the data encrypted in ransomware attacks and have no option other than paying a ransom.
“I don’t think this is a black and white decision. I of course don’t think that attackers should be able to make money off this, but there is more to think about than just putting money in the hacker’s pocket. Impacted organizations should always work with law enforcement to see if the criminals can be caught, the ransom be remediated, and the data be taken down. What it comes down to for me is: if I have employees and customers that are suffering because I’m unable to conduct business, I would weigh that against the cost of getting the encryption back,” said Doug Barbin, President and National Managing Principal of Schellman, a leading provider of attestation and compliance services.
New initiatives are also being launched to prevent ransom payments to ransomware gangs through better information sharing about ransom payment accounts. Neuberger said one platform will be created by Lithuania and another will be jointly created by Israel and the UAE. The CRI also plans to create a blacklist of cryptocurrency wallets that are known to move ransom payments through the cryptocurrency ecosystem, which can be used to block and freeze transactions.


