• The International Counter Ransomware Initiative met this week and outlined how its members would combat the growing threat of cybercrime.
• Among the commitments was a recommendation for CRI members not to pay ransoms.
• This will be accomplished through training and knowledge sharing among the CRI members.

Ransomware has the ability to entirely upend a business and without proper disaster recovery, a business could be forced to cough up and pay the ransom attackers demand.

This week, 50 members of the International Counter Ransomware Initiative (CRI) met in Washington, D.C for the third convening of the initiative. South Africa is a member of this group. During this meeting the group outlined the development of capabilities to disrupt attackers and the infrastructure they use to conduct said attacks.

There are some great suggestions here such as mentoring and training new CRI members, using artificial intelligence to counter ransomware and even share information about attacks between CRI members.

In addition, there was mention of adopting a policy where governments who are members of the CRI declare that they won’t pay ransoms.

“Through the Policy Pillar, CRI members affirmed the importance of strong and aligned messaging discouraging paying ransomware demands and leading by example. CRI members endorsed a statement that relevant institutions under our national government authority should not pay ransomware extortion demands. CRI members intend to implement the Financial Action Task Force (FATF)’s Recommendation 15 on the regulation of virtual assets and related service providers, which would help stem the illicit flow of funds and disrupt the ransomware payment ecosystem,” reads a briefing published by The White House.

This sounds great but the fact of the matter is that many companies still pay ransoms. In its The State of Ransomware 2023 report, Sophos found that 46 percent of the 3 000 IT and cybersecurity leaders surveyed reported that ransomware ransoms were being paid.

While not paying a ransom is regarded as best practice in the cybersecurity space, as we mentioned, if there aren’t proper backups of data, disaster response and recovery plans, then entities have little choice but to pay the ransom attackers are demanding.

One way that CRI members may be able to turn that tide is through sharing information.

“Members will work toward attaining a comprehensive understanding of the ransomware threat by sharing information and exchanging knowledge through virtual seminars and labs. Members plan to create and share resources to build their national counter-ransomware capacity, working closely with the other pillars to develop practical tools for governments to prevent, respond to, and recover from ransomware attacks, uplift cyber capabilities across the existing CRI membership, and advocate new membership to those countries who will most benefit from what the CRI has to offer,” the White House statement reads.

Whether the CRI members can in fact resist the need to pay ransomware ransoms remains to be seen but the fact of the matter is that even if they do, if they don’t declare, and the attacker doesn’t announce that it has been paid by a CRI member, we’d never really know.

It’s a great thought but in practice, we’re not entirely sure it will play out.

The CRI consists of Albania, Australia, Austria, Belgium, Brazil, Bulgaria, Canada, Colombia, Costa Rica, Croatia, the Czech Republic, the Dominican Republic, Egypt, Estonia, the European Union, France, Germany, Greece, India, INTERPOL, Ireland, Israel, Italy, Japan, Jordan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Norway, Papua New Guinea, Poland, Portugal, the Republic of Korea, Romania, Rwanda, Sierra Leone, Singapore, Slovakia, South Africa, Spain, Sweden, Switzerland, Ukraine, the United Arab Emirates, the United Kingdom, the United States, and Uruguay.