A U.S.-led alliance comprising forty countries has committed to signing a pledge that they will never pay ransom to cybercriminals. The initiative, known as the International Counter Ransomware Initiative, is intended to eliminate the funding mechanism for hackers.
According to a senior White House official, the move comes as ransomware attacks continue to grow globally, with the United States being the hardest hit, accounting for 46% of such attacks.
The Financial Aspect of Ransomware Attacks
Anne Neuberger, U.S. Deputy National Security Adviser in the Biden administration for cyber and emerging technologies, emphasized the significance of addressing the financial aspect of ransomware attacks. She stated, “As long as money continues to flow to these criminals, the problem will persist and escalate.” Ransomware attacks involve hackers encrypting an organization’s systems and demanding ransom payments in exchange for unlocking them. Additionally, the attackers often steal sensitive data and use it as leverage to extort victims, threatening to leak the information online if payments are not made.
Disrupting Cybercriminal Funding Mechanisms
The new initiative aims to disrupt the funding mechanisms of cybercriminals through enhanced information sharing about ransom payment accounts. Partner countries will collaborate by sharing a “black list” via the U.S. Department of Treasury, which will contain information about digital wallets used for ransomware payments.
Notably, artificial intelligence (AI) will play a pivotal role in this endeavor. The alliance plans to utilize AI-driven blockchain analysis to identify illicit funds. By leveraging the power of AI, they aim to track and trace the flow of funds associated with ransomware attacks more effectively.
Blockchain analytics firm Chainalysis reports that the volume of cryptocurrency payments to ransomware attackers is on track to reach its second-highest annual total on record. Ransomware attackers are increasingly asking for payments in privacy coins like Monero (XMR) while still mostly accepting Bitcoin (BTC) payments but with a premium.
“Most of the groups and strains listed as using XMR are relatively new,” stated a report by crypto intelligence company CipherTrace last year. CipherTrace data revealed that at least 22 ransomware groups accept only XMR, while another seven accept both BTC and XMR. While the number of those using BTC exceeds 1,000, over 50 groups and strains still use XMR.
Despite the prevalence of ransomware attacks, high-profile incidents continue to affect major U.S. organizations. Companies such as casino operator MGM Resorts International and cleaning products manufacturer Clorox have fallen victim to these attacks, grappling with the aftermath and struggling to fully recover from the disruptions caused.
