1 year ago
217
In the run-up to an annual gathering of more than 45 nations in Washington this month, the United States is pressuring governments to publicly commit to refraining from making ransom payments to hackers.
Anne Neuberger, Deputy National Security Adviser, expressed hope for garnering support for such a declaration but acknowledged the difficulty of this policy decision. If member countries fail to reach an agreement before the meeting, the topic will be discussed during the event.
Ransomware attacks have surged in popularity in recent years due to their profitability for hackers. In these attacks, malicious code encrypts a victim’s computer files, rendering them inaccessible.
Hackers then demand a ransom in exchange for providing a decryption key. Another form of extortion involves hackers stealing sensitive documents and demanding payment to prevent their public release.
The intention behind the proposed statement is to change the calculus of victims, who often find it easier to pay the ransom and restore their operations rather than resist the hackers’ demands.
Neuberger explained that “ransom payments are what’s driving ransomware,” and addressing the issue at its root, namely the financial incentive, is crucial. The statement is expected to target governments rather than companies that frequently fall prey to ransomware attacks. It serves as an initial step toward broader efforts to curb ransom payments to hackers.
The Biden administration established an annual international summit to address ransomware in 2021, bringing together cybersecurity leaders from various nations to collaborate on strategies to combat these attacks.
The inaugural summit followed the Colonial Pipeline Co. cyberattack, which disrupted fuel supplies along the US East Coast. Since then, the number of participating countries has grown from 31 to over 45.
Despite progress since the Colonial Pipeline incident, a series of disruptive ransomware attacks on hospitals, manufacturing facilities, and casinos in recent months underscores the ongoing challenges. Neuberger emphasized the goal of eradicating the threats posed by ransomware.
While some argue that an outright ban on ransom payments is not yet feasible, Neuberger contends that advancements in cybersecurity standards, preparedness, and more robust law enforcement interventions make it increasingly viable to avoid making ransom payments. Many companies are now implementing backup systems for system restoration in the event of a cyberattack, and insurance policies are incentivizing higher cybersecurity standards.
In addition to the initiative against ransom payments, the US is advocating for greater transparency in cryptocurrency transactions to combat money laundering.
Neuberger aims to expand the number of countries implementing “Know Your Customer” rules for cryptocurrency firms on a voluntary basis.
The US is also encouraging governments worldwide to establish cybersecurity labelling standards for internet-connected devices, enabling consumers to assess the security of products like baby monitors and home alarms before purchase. The goal is to have these labels on “Internet of Things” devices available in stores by Christmas 2024.
English (US)