Alliance of 40 countries to vow not to pay ransom to cybercriminals

(Reuters) — Forty countries in a U.S.-led alliance plan to sign a pledge never to pay ransom to cybercriminals and to work toward eliminating the hackers’ funding mechanism, a senior White House official said Tuesday.

The International Counter Ransomware Initiative comes as the number of ransomware attacks grows worldwide. The United States is by far the worst hit, with 46% of such attacks, Anne Neuberger, U.S. deputy national security adviser in the Biden administration for cyber and emerging technologies, told reporters in a virtual briefing.

“As long as there is money flowing to ransomware criminals, this is a problem that will continue to grow,” she said.

While hundreds of companies fall victim every year, high-profile U.S. attacks occurred in recent months at casino operator MGM Resorts International and cleaning products company Clorox. Both companies have not yet fully recovered from the disruptions.

The new initiatives by the alliance aim to eliminate the criminals’ funding through better information sharing about ransom payment accounts, Ms. Neuberger said. Two information-sharing platforms will be created, one by Lithuania and another jointly by Israel and the UAE.

Partner countries will share a “black list” through the U.S. Department of Treasury that will include information on digital wallets being used to move ransomware payments, Ms. Neuberger said.

She added that the effort will use artificial intelligence to analyze blockchain with a view to identifying illicit funds.

The volume of crypto payments to ransomware attackers is on track for its second-biggest annual total on record, blockchain analytics company Chainalysis said in July.