At the Counter Ransomware Initiative (CRI) Summit in San Francisco yesterday, the Australian government joined international allies and partners in pledging not to pay ransom demands related to cyber-attacks.
The 50 members of the International Counter Ransomware Initiative (CRI) includes Albania, Australia, Austria, Belgium, Brazil, Bulgaria, Canada, Colombia, Costa Rica, Croatia, the Czech Republic, the Dominican Republic, Egypt, Estonia, the European Union, France, Germany, Greece, India, INTERPOL, Ireland, Israel, Italy, Japan, Jordan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Norway, Papua New Guinea, Poland, Portugal, the Republic of Korea, Romania, Rwanda, Sierra Leone, Singapore, Slovakia, South Africa, Spain, Sweden, Switzerland, Ukraine, the United Arab Emirates, the United Kingdom, the United States, and Uruguay.
The initiative, set up by the US in 2021, has been used by Australia as a way of demonstrating their commitment to tackling cybercrime on the international stage. The Australian Government has been front and centre of the CRI, with the Minister for Home Affairs Clare O’Neil MP chairing the initiative’s International Counter Ransomware Task Force since its formation 12 months ago.
The pledge commits the governments of signatory countries, including Australia, to not pay ransoms to cybercriminals. It should be noted that this commitment only applies to government agencies and not the countries’ private industries.
While the pledge does set an example and provide a united front against the gangs, given the bulk of ransomware attacks target small and medium-sized businesses, the pledge may not result in a major disruption to the operations and revenue of cyber criminals, but does help all players understand that payments in crypto or otherwise will not be made from Government agencies.
A recent example of a ransomware attack is the HWL Ebsworth attack. The attack saw ransomware group ALPHV/BlackCat stealing data from the law firm, impacting up to 65 Australian Government agencies and the big four banks. HWL Ebsworth received 16 weeks of government assistance before it was determined that they no longer needed government assistance.
In the attack, approximately 1.4TB of the stolen data appeared on the dark web after the ransom wasn’t paid.
Yesterday’s pledge commits the governments of signatory countries, including Australia, to not pay ransoms to cybercriminals. It should be noted that this commitment only applies to government agencies and not the countries’ private industries.
Oakley Cox, Cybersecurity Analyst and Technical Director for Darktrace
While, the pledge does set an example and provide a united front against the gangs, given the bulk of ransomware attacks target small and medium sized businesses, the pledge is not likely to result in a major disruption to the operations and revenue of cyber criminals.
Even if the government does back Australian businesses to not pay the ransom, there is a bigger cost of cyber-attacks to companies than the ransom.
Case in point is the government’s involvement in the HWL Ebsworth attack from earlier this year, HWL Ebsworth ultimately didn’t pay the ransom in a coordinated response with assistance from the Australian Cybersecurity centre (ACSC), Federal and State law enforcement, and the newly minted National Cyber Security Coordinator.
However, they lost many clients due to the attack and the data that was stolen was put online, which weakens the trust of customers and, if that was personal data, could cause much distress to individuals.
While the CRI is a welcome signal for the world to not pay ransoms in ransomware attacks, which will in the long run negate much of the financial benefit of these attacks to hackers, it does still focus on what to do after the attack. Meaning the organisations have already been infiltrated.
We would’ve liked to have seen the Summit also focus on how to stop these attacks occurring. Private sector and government organisations alike can still do much more to protect themselves and keep the publics data safe.
What can businesses do to protect themselves from ransomware attacks?
There are a number of things businesses can do to protect themselves from ransomware attacks, including:
- Educate your employees about ransomware.
Make sure your employees know what ransomware is and how to spot it. - Keep your software up to date.
Software updates often include security patches that can help protect you from known ransomware attacks. - Back up your data regularly.
If you do get hit by a ransomware attack, having regular backups of your data will allow you to restore your systems without paying the ransom. - Use strong passwords and multi-factor authentication.
Strong passwords and multi-factor authentication can help to prevent attackers from gaining access to your systems. - Implement the ASD Essential 8
The Australian Signals Directorate has assembled a list of the 8 most important things businesses can do to help protect their systems and data.
