Four dozen countries declare they won’t pay ransomware ransoms

The United States and a consortium of some four dozen countries will pledge this week to no longer pay ransoms demanded as part of ransomware attacks, a senior administration official said Monday.

The statement will come as part of a meeting of the International Counter Ransomware Initiative set to take place Tuesday. The commitment to no longer pay ransoms will be part of a joint policy statement signed by 48 countries, the European Union and Interpol.

First convened by President Joe Biden in 2021, this year’s meting of the ransomware initiative will focus on information sharing around incorporating artificial intelligence and blockchain analysis into the ransomware fight, a new information sharing platform for member countries and, in the spirit of fighting back, the first ever policy statement declaring that member nations will not pay ransoms.

“We want to take a push at the cause of the ransomware, which is the financing of it, and do that together,” a senior administration official speaking on condition of anonymity told reporters Monday. “This was a really big lift, and we’re still in the final throes of getting every last member to sign, but we’re pretty much there, which is exciting.”

The initiative also plans to share a list of blacklisted cryptocurrency wallets associated with ransomware operations, the official added.

The U.S. government has long urged against paying ransoms in ransomware attacks, but outlawing payments represents a controversial move. Even some law enforcement officials have spoken out against the banning of payments. Getting the member nations to agree to the statement was difficult, according to the official.

The true number of ransomware attacks is difficult to determine with accuracy given that the count relies on ransomware groups themselves to announce victims or for the victims to share publicly that they’ve suffered an attack. Still, based on the publicly known total, ransomware attacks are at an all-time high and up more than 150% year over year, according to a recent report from the U.K.-based NCC Group.

With the aim of developing a norm against paying ransomware ransoms, the group will look for ways to hold other nations accountable for their role in either facilitating or tolerating ransomware operations, the official said. The members of the initiative will also look to share information and take actions against ransomware operations in their jurisdictions.

International law enforcement partners have in recent months stepped up their cooperation to go after criminal hacking groups, resulting in the takedowns of the high-profile ransomware group Hive in January and the Genesis Market takedown in April, the official noted.

“We feel like the partnership two years in is now strong enough to take on these more complex efforts because countries are getting value from it and, as such, recognize that it’s a shared space,” the senior administration official said. “When they’re responsive to other countries’ requests to take down infrastructure that’s supporting criminal actors, other countries will be responsible to their requests as well.”