These countries hope to cripple the growing market for cryptocurrency ransomware payments.
If you’re a hacker, you could try stealing from individuals, maybe getting a few thousand bucks per victim, maybe winning the lottery with a Bitcoin wallet. Or you could go for the big fish: corporate and government targets, with both the means and the motive to pay you millions of dollars to retrieve stolen data. In the United States alone, more than 200 government, healthcare, and education targets were hit last year. But a group of countries is trying to break that trend, or at least make it far less lucrative.
The International Counter Ransomware Initiative, which apparently could not think of a cool acronym for itself, finalized a series of policies in a Washington, D.C. summit on Tuesday. Among them is a pledge to share data on ransomware perpetrators and techniques, establish a blacklist of known criminal digital wallets for cryptocurrency, shut down detected threats emerging from within an ally’s borders, and a mutual pledge not to give in to ransomware demands. The idea, naturally, is to remove the member governments as potential targets by (hopefully) removing the economic incentive.
The 40 nations that signed the pledge, plus the European Union as a body, include the vast majority of nations with representatives in attendance. But eight declined to commit to the pledge. The Reuters report (spotted by Bleeping Computer) did not specify which countries were in and which were out, though more might sign on as terms are discussed. Notably Russia, China, Iran, and North Korea, known to be state-level backers of ransomware attacks as well as home to independent hacker groups, are not members of the Initiative.
Ransomware is becoming a looming threat to almost every large organization, be it government, commercial, or anything else. In the first half of the year almost $450 million in cryptocurrency transactions was detected flowing into known hacker wallets, a huge and growing year-over-year increase.