UK among countries to sign ransomware payments agreement

A group of more than 40 countries have signed an agreement pledging not to use central government funds to pay ransoms to cyber criminals.
The countries said they would ‘lead by example’ by not paying ransomware demands (PA)
PA Archive
Martyn Landi2 November 2023

The UK is among more than 40 countries to have signed a pledge agreeing that central government funds should not be used to pay ransomware demands to cyber criminals.

A joint statement from the Counter Ransomware Initiative (CRI) said the countries “would lead by example” by not paying ransomware demands and “strongly discourage anyone” from doing so.

The UK’s National Cyber Security Centre (NCSC) has always advised businesses and individuals to never pay ransomware demands, and it has been long-standing Government policy to not do so.

The agreement has also been signed by countries including the US, Australia, Canada, France, Germany, Japan and South Korea, as well as Interpol.

Security minister Tom Tugendhat said the agreement would help set a new “global norm”.

Crime shouldn’t pay. That’s why the UK and her allies are demonstrating leadership on cybersecurity by pledging not to pay off criminals when they try and extort the taxpayer using ransomware,” he said.

“This pledge is an important step forward in our efforts to disrupt highly organised and sophisticated cyber criminals, and sets a new global norm that will help disrupt their business models and deter them from targeting our country.”

Ransomware is a type of malicious software used by cyber criminals which often encrypts or steals data once it has gained access to a computer system.

Ransomware poses a significant threat to organisations in the UK and around the world and so international collaboration is essential for bearing down on cyber-criminal operations

Felicity Oswald, NCSC chief operating officer

The victim is then told to pay a large fee – often in cryptocurrency, which is harder to trace – in order to get their files back.

However, cybersecurity experts, including those at the NCSC, argue that paying a fee only benefits the criminals as it provides an incentive to continue offending and it does not guarantee the release of the affected data – a stance the CRI has now publicly backed in the agreement.

NCSC chief operating officer Felicity Oswald said: “Ransomware poses a significant threat to organisations in the UK and around the world and so international collaboration is essential for bearing down on cyber-criminal operations.

“The joint statement today demonstrates that the UK and a like-minded community of countries do not support payment of online criminals as we know this only makes the threat landscape worse for everyone.

“Many ransomware incidents can be prevented by ensuring that appropriate security measures are in place. We strongly encourage organisations to follow NCSC advice to effectively mitigate the risks and help protect themselves online.”

Create a FREE account to continue reading

eros

Registration is a free and easy way to support our journalism.

Join our community where you can: comment on stories; sign up to newsletters; enter competitions and access content on our app.

Your email address

Must be at least 6 characters, include an upper and lower case character and a number

You must be at least 18 years old to create an account

* Required fields

Already have an account? SIGN IN

By clicking Create Account you confirm that your data has been entered correctly and you have read and agree to our Terms of use , Cookie policy and Privacy policy .

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in