As the White House prepares to host its annual International Counter Ransomware Initiative (CRI) summit, Bloomberg reports that the US is pushing other countries to stop paying ransoms to cybercriminals.
The CRI wants to enhance international cooperation to combat the growth of ransomware, and its 47 members will convene in Washington for its annual summit on October 31, 2023.
“The work of the CRI supports the implementation of the endorsed UN framework for responsible state behavior in cyberspace, specifically the voluntary norm that States should cooperate to exchange information, assist each other, prosecute terrorist and criminal use of ICTs and implement other cooperative measures to address such threats.”
White House Deputy National Security Adviser Anne Neuberger said ransomware payment bans have been a topic of discussion among members of the CRI, and she noted that several other countries have also raised the issue, but no decisions have been made.
The reasoning is very understandable. Ransomware has grown to be a formidable industry over the years and if it was possible to stop the cashflow in that direction, it would soon collapse. Not only would the seasoned criminals turn to other sources of income, the entry-level jobs would disappear and the funds for research into new tactics would dry up.
If an agreement is reached, this would only bind government organizations, but even that could potentially have a large impact. Other experts believe that the energy spent on achieving this would be more effectively spent on helping less well-equipped governments improve their cyber-defenses.
If we could eliminate the low-effort attacks on long-known vulnerabilities where patches are available but unapplied, this could have at least the same kind of impact.
And to be fair, several US states have banned local government entities from paying ransoms connected to attacks. So far, this really hasn’t stopped them from being targeted. In 2021, The FBI even advised against making ransom payments illegal because it would only open up another avenue of extortion.
One might think that now that most organizations have their backup strategies sorted out, it shouldn’t be too hard to convince victims not to pay the ransom. Unfortunately many ransomware gangs have adapted the double extortion strategy where stolen data extracted from the victim’s systems during the attack is used as extra leverage. And when sensitive data is stolen, having a backup does not take away the threat.
Also, it’s not fair to think that all government organizations in the member states have their security and backup strategy at the required level to safely survive a ransomware attack. But we feel it is true that they should be setting an example by investing in their security posture and by refusing to pay the criminals.
Neuberger said that she would like participating governments to publicly commit to not make ransom payments, but if members can’t agree to the statement in advance of the meeting, then it will be included as a discussion point.
How to avoid ransomware
- Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
- Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
- Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
- Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
- Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
- Don’t get attacked twice. Once you've isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.
Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.