UK among countries to sign ransomware payments agreement

The countries said they would ‘lead by example’ by not paying ransomware demands (PA)
The countries said they would ‘lead by example’ by not paying ransomware demands (PA)

The UK is among more than 40 countries to have signed a pledge agreeing that central government funds should not be used to pay ransomware demands to cyber criminals.

A joint statement from the Counter Ransomware Initiative (CRI) said the countries “would lead by example” by not paying ransomware demands and “strongly discourage anyone” from doing so.

The UK’s National Cyber Security Centre (NCSC) has always advised businesses and individuals to never pay ransomware demands, and it has been long-standing Government policy to not do so.

The agreement has also been signed by countries including the US, Australia, Canada, France, Germany, Japan and South Korea, as well as Interpol.

Security minister Tom Tugendhat
Security minister Tom Tugendhat hailed the pledge ‘an important step forward’ (PA)

Security minister Tom Tugendhat said the agreement would help set a new “global norm”.

“Crime shouldn’t pay. That’s why the UK and her allies are demonstrating leadership on cybersecurity by pledging not to pay off criminals when they try and extort the taxpayer using ransomware,” he said.

“This pledge is an important step forward in our efforts to disrupt highly organised and sophisticated cyber criminals, and sets a new global norm that will help disrupt their business models and deter them from targeting our country.”

Ransomware is a type of malicious software used by cyber criminals which often encrypts or steals data once it has gained access to a computer system.

The victim is then told to pay a large fee – often in cryptocurrency, which is harder to trace – in order to get their files back.

However, cybersecurity experts, including those at the NCSC, argue that paying a fee only benefits the criminals as it provides an incentive to continue offending and it does not guarantee the release of the affected data – a stance the CRI has now publicly backed in the agreement.

NCSC chief operating officer Felicity Oswald said: “Ransomware poses a significant threat to organisations in the UK and around the world and so international collaboration is essential for bearing down on cyber-criminal operations.

“The joint statement today demonstrates that the UK and a like-minded community of countries do not support payment of online criminals as we know this only makes the threat landscape worse for everyone.

“Many ransomware incidents can be prevented by ensuring that appropriate security measures are in place. We strongly encourage organisations to follow NCSC advice to effectively mitigate the risks and help protect themselves online.”