We Won’t Pay Ransomware Crims — 40 Nations Promise Biden’s WH

Anne Neuberger, U.S. deputy national security adviser for cyber and emerging technologies

International Counter Ransomware Initiative (CRI) hopes to pull rug from under scrotes.

The White House wants the world to turn off the ransom faucets. The big idea is this: If you stop paying, the incentive to wield ransomware will disappear. To that end, 40 countries have agreed to stop rewarding criminals, to share data and to help each other fight the scourge.

The Biden administration’s Anne Neuberger (pictured) hopes nobody accuses her of bullying them. In today’s SB Blogwatch, we weigh the pros and cons.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Big backhoes.

Will CRI Pledge Work?

What’s the craic? Zeba Siddiqui reports—“Alliance of 40 countries to vow not to pay ransom”:

Analyze blockchains
[It] comes as the number of ransomware attacks grows worldwide. The United States is by far the worst hit, with 46% of such attacks, [said] Anne Neuberger, U.S. deputy national security adviser … for cyber and emerging technologies: … “As long as there is money flowing to ransomware criminals, this is a problem that will continue to grow.”

The new initiatives by the alliance aim to eliminate the criminals’ funding through better information sharing about ransom payment accounts. … Partner countries will share … information on digital wallets being used to move ransomware payments. [And] the effort will use artificial intelligence to analyze blockchains with a view to identifying illicit funds.

 

So? Suzanne Smalley says the agreement has a “focus on not paying hackers”:

Threat indicators
The … CRI has expanded in scope and ambition since it debuted with 30 members and the European Union in 2021. [Now it] will offer “innovative mentorship and tactical training” programs for newer members, citing how Israel has coached Jordan on countering ransomware as one example.

The initiative also will begin using a new information sharing platform that will enable member countries to quickly exchange news of threat indicators, Neuberger said … citing work Lithuania, Israel and the United Arab Emirates have done to create platforms so “if one country is attacked, others can quickly be defended against that.”

 

So the U.S. is banning other countries from paying ransoms? Not exactly, says Carly Page—“US-led cybersecurity coalition vows to not pay hackers”:

We’re pretty much there
The pledge stops short of banning companies from making ransom payments, which the U.S. government has long warned could inadvertently create opportunities for further extortion by ransomware gangs. … The White House has not yet said how member states will be held accountable to their pledge, or what consequences they face, if any, if they make a ransom payment.

Not all of the 48 CRI member governments have yet agreed to the anti-ransom payment pledge, Neuberger said. … “But we’re pretty much there.”

 

Hmm. But will it work? varjag sounds super cynical:

This … will end up mostly a jurisdiction/accounting nuance, rather than a substantial change. … There’s no such thing as, “No negotiations with terrorists.” … When push comes to shove, side channels and loopholes are inevitably found.

As long as you have a non-signatory among otherwise first world nations (and there’s always a handful on any treaty) there absolutely will be a [loophole] you can’t do much about. … It took, what, over two decades to convince Switzerland and Austria to get on board for (part of) money laundering treaties? And ransom(ware) is not anywhere as pressing.

Everyone’s a hardliner until it’s your grandson’s finger in the envelope.

 

With a snappier explanation, here’s Clausewitz4.0:

[They] can always pay through a middleman in Seychelles or Hong Kong. Write off the fees as consulting.

 

Haters gonna hate. But u/Franco1875 is guardedly optimistic:

A proactive effort here, which is positive. Good to see a concerted push from international partners.

Whether or not this will actually put a dent in the cash flow for ransomware groups is another question entirely. There will undoubtedly be organisations that’ll choose to just pay up to avoid an even bigger mess. How will this be policed, exactly?

 

How indeed? PubJeezy gives a concrete example:

So are they gonna prosecute Caesars Entertainment? They just paid $30 million to a transnational terrorist organization for a pinky swear that they wouldn’t use their data in the future.

This was a massive transfer of capital from an American business to a criminal organization—and they did it for no reason. All they got for $30 million is a promise from a Telegram account.

If the American government expects this agreement to hold any weight, they’ll need to start showing the world that they’re enforcing it domestically. I believe that giving Caesars the corporate death-penalty would more or less end the ransomware epidemic.

 

Something-something BLOCKCHAIN? acdha applauds:

Adding wallets to a … list is highly effective because, while there was a lot of dishonest marketing around blockchains improving privacy, they’re actually perfect for censorship: … A public ledger allows you to transitively taint every transaction downstream, significantly reducing the value of certain tokens and removing the ability of people to say they didn’t know the funds they are receiving were connected to a crime.

 

Too little, too late? This wouldn’t be such a huge problem if they’d only listened to DS999:

Finally doing what I said they should do, like five years ago when ransomware was starting to become a thing. Better late than never!

It would have been so much easier to crack down on it back before it became so established. Now that it has been ingrained into the business world as a “cost” (you can even buy ransomware insurance) there will probably be pushback from companies that are hit by it during the interim between the ban and the ransomware people giving up because it no longer pays. No doubt that will be painful for those so afflicted, but if they try to delay it or cheat their way around the ban, it will only delay the day before ransomware becomes a thing of the past.

 

Meanwhile, who can suggest a better idea? Kernel Kurtz can:

Missiles or extraordinary rendition might be a good addition to our cybersecurity toolbox. Take out a few ransomware gang members with extreme prejudice and make them look over their shoulders forever as an example to others.

 

And Finally:

“Digger” is UK-ish for backhoe



You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi, @richij or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: C-SPAN (licensed; leveled and cropped)
