In the run-up to an annual gathering of more than 45 nations in Washington this month, the United States is pressuring governments to publicly commit to refraining from making ransom payments to hackers.
Anne Neuberger, Deputy National Security Adviser, expressed hope for garnering support for such a declaration but acknowledged the difficulty of this policy decision. If member countries fail to agree before the meeting, the topic will be discussed during the event.
Ransomware attacks have surged in popularity recently due to their profitability for hackers. In these attacks, malicious code encrypts a victim’s computer files, rendering them inaccessible.
Hackers then demand a ransom in exchange for providing a decryption key. Another form of extortion involves hackers stealing sensitive documents and demanding payment to prevent their public release.
The proposed statement intends to change the calculus of victims, who often find paying the ransom and restoring their operations easier than resisting the hackers’ demands.
Neuberger explained that “ransom payments are what’s driving ransomware,” and that addressing the issue at its root, namely the financial incentive, is crucial. The statement is expected to target governments rather than the companies that frequently fall prey to ransomware attacks. It serves as an initial step toward broader efforts to curb ransom payments to hackers.
The Biden administration established an annual international summit to address ransomware in 2021, bringing together cybersecurity leaders from various nations to collaborate on strategies to combat these attacks.
The inaugural summit followed the Colonial Pipeline Co. cyberattack, which disrupted fuel supplies along the US East Coast. Since then, participating countries have grown from 31 to over 45.
Despite progress since the Colonial Pipeline incident, a series of disruptive ransomware attacks on hospitals, manufacturing facilities, and casinos in recent months underscores the ongoing challenges. Neuberger emphasized the goal of eradicating the threats posed by ransomware.
While some argue that an outright ban on ransom payments is not yet feasible, Neuberger contends that advancements in cybersecurity standards, preparedness, and more robust law enforcement interventions make it increasingly viable to avoid making ransom payments. Many companies are now implementing backup systems to restore their systems in the event of a cyberattack, and insurance policies are incentivizing higher cybersecurity standards.
In addition to the initiative against ransom payments, the US is advocating for greater transparency in cryptocurrency transactions to combat money laundering.
Neuberger aims to expand the number of countries voluntarily implementing “Know Your Customer” rules for cryptocurrency firms.
The US is also encouraging governments worldwide to establish cybersecurity labeling standards for internet-connected devices, enabling consumers to assess the security of products like baby monitors and home alarms before purchase. The goal is to have these labels on “Internet of Things” devices available in stores by Christmas 2024.