48 Nations Unite to Vow Not to Pay Ransom for Cyber Attacks Linked to North Korea, China, and Russia

FBI Director Christopher Wray is speaking at a hearing of the Senate Homeland Security and Governmental Affairs Committee in Washington D.C. on October 31./AFP·Yonhap News

The U.S.-led “Counter Ransomware Initiative (CRI)” summit, with 48 member countries, is preparing to pledge not to pay ransom to cybercriminals for ransomware hacking, according to Axios and Voice of America (VOA) on the 31st (local time).

◇ Counter Ransomware Initiative (CRI) summit of 48 member countries, including South Korea, the U.S., the U.K., France, and Germany, pledge not to pay ransom for ransomware hacking

Anne Neuberger, Deputy Assistant to the President and National Security Council (NSC) Cyber and Emerging Technology Coordinator, said in a telephone briefing the day before that, related to the ‘3rd CRI’ held in Washington D.C. from this day to November 1, “Through the pledge to share information about the wallets used for ransomware payments by the U.S. Treasury, the member countries’ governments are expected to adopt the first joint response ransomware initiative policy statement that they will create and share a wallet blacklist and not pay ransom.”

Deputy Assistant Neuberger said that not only the 48 CRI member countries around the world, including the U.S., South Korea, the U.K., France, and Germany, but also the European Union (EU) and the International Criminal Police Organization (Interpol) will sign this joint policy statement. She added that CRI member countries would start a new project to identify illegal funds linked to ransomware organizations by analyzing blockchains using artificial intelligence (AI), disclose information-sharing programs among member countries, and promise to support if a member country of the initiative is attacked by ransomware.

On the 25th (local time), a computer terminal used by the public to access Kansas court records in Shawnee County, Topeka, U.S., is closed. Most of the state courts have been offline since the 12th, and authorities define it as a ‘security incident’ that experts say has all the characteristics of a ransomware attack, according to AP./AP·Yonhap News

◇ Increase in ransomware attack cases but decrease in ransom payments

Ransomware is a type of cyber-attack in which hackers lock the files of the victim company and demand money as a ransom to unlock them.

The Biden administration in the U.S. has been holding the annual CRI since 2021 on the themes of responding to ransomware attacks, responding to cryptocurrency ransom laundering, and international cooperation. The number of participating countries has been increasing yearly, from 30 countries in the first year to 36 countries last year and 48 countries this year, according to VOA.

At last year’s meeting, member countries pledged not to harbor ransomware criminals within their borders, Axios reported.

Axios, citing a report by cyber insurance company Resilience, said that the issue of whether to pay money to ransomware hackers has been a significant point of contention in the global fight to block ransomware attacks and reduce the number of attacks. Although the number of ransomware attacks this year has already surpassed the total number in 2022, the proportion of companies paying ransom for hacking has plummeted to 15% in the first half of this year from 39.5% last year.

A document from the U.S. Treasury Department explaining how North Korea illegally employs IT personnel in foreign companies./Photo=U.S. Treasury Department website capture

◇ The U.S. and other Western countries point to North Korea as responsible for ransomware and other cyber-attacks…FBI Director “North Korea, China, Russia, conducting cyber operations targeting U.S. research”

The U.S. and other Western governments have been pointing to North Korea as responsible for cyber-attacks for years, from the hacking of Sony Pictures in 2014 to a large-scale global ransomware attack in 2017.

FBI Director Christopher Wray said in a statement submitted to the Senate Homeland Security and Governmental Affairs Committee hearing on the day, “Over the past few years, we have seen China, North Korea, and Russia conducting cyber operations targeting U.S. research,” and “As our adversaries become increasingly sophisticated, we are concerned about our ability to detect specific cyber operations against the U.S.”

According to blockchain analysis company Chain analysis, North Korea’s digital theft has surged from $30 million in 2017 to $520 million in 2018, maintained at $270 million in 2019, $300 million in 2020, and $430 million in 2021, and then surged again to $1.65 billion last year.

Director Wray said, “We are witnessing China’s efforts to acquire controlled dual-use technology while developing advanced cyber capabilities that can be used against other countries in the event of an actual war,” and pointed out that China is using all means, including sophisticated cyber intrusions, pressure on U.S. companies in China, and fake joint partnerships, in addition to human intelligence agents, collaborators, and corrupt insiders within companies in its economic espionage activities.

By. Ha Man Joo