S’pore part of 48-nation alliance taking a stand against paying ransom to hackers
SINGAPORE – The Republic is one of 48 countries that are committed to strongly discouraging caving in to extortion demands by ransomware hackers.
The pledge was made at the gathering of an international alliance, which met for the third time in Washington on Tuesday and Wednesday.
During the meeting, representatives of the 50 members that make up the Counter Ransomware Initiative (CRI), which also include Interpol and the European Union, reaffirmed their joint commitment to publicly denouncing ransomware and those who perpetrate these devastating attacks.
The undertaking was led by Singapore and the United Kingdom, which are co-chairs of the policy pillar of the CRI.
A joint statement by CRI members on Thursday said: “We commit to collectively addressing our approach to ransomware payments to undermine the ransomware business model and disrupt criminal activity.
“We will not tolerate the extortive actions of these cyber criminals who too often act with seeming impunity.”
The members said they “strongly discourage” anyone from paying a ransomware demand, and each intends to lead by example by ensuring “relevant institutions under the authority” of their governments would not pay such demands.
The CRI was formed in 2021 and initially comprised 31 nations – with Singapore among them – and the EU.
In 2023, the Republic led the development of best practices on cyber incident reporting and information sharing.
Mr David Koh, the chief executive of the Cyber Security Agency of Singapore (CSA), who led its delegation at the CRI meeting, described the alliance as a “big tent” that brings together countries against the scourge of international ransomware criminals.
“Our shared international conviction to act together against ransomware is a significant outcome,” he said.
“This statement sets a common international standard and is a sign that, while the CRI is only into the third year of its formation, we can make meaningful progress in our fight against ransomware and move towards establishing a rules-based multilateral order in cyberspace.”
In a separate statement on the White House’s website, members of the CRI said they would also create a shared blacklist of cryptocurrency wallets, with the United States’ Department of the Treasury pledging to share data on those used by ransomware actors with other members.
Ransomware refers to the malware used by hackers to encrypt an organisation’s systems. In many cases, sensitive information is also stolen and put up for sale on the Dark Web.
These hackers would typically demand a ransom in return for unlocking the systems and not making the stolen information public.
Some of the more notorious cyber criminal groups that have been conducting such ransomware attacks include the Russia-based Lockbit 3.0, which carried out 913 cyber attacks in 2022, and BlackCat, otherwise known as ALPHV, which emerged in late 2021.
Lockbit last Friday claimed it had stolen “a tremendous amount” of sensitive data from Boeing and threatened to dump the data online if the US planemaker did not pay a ransom.
In 2022, 132 ransomware incidents were reported to the Singapore Cyber Emergency Response Team, according to the CSA’s Cyber Landscape report published on June 23.
“These figures, however, are not likely to represent the full extent of the ransomware threat as not every victim will report an attack,” the report had said, citing how in the US, only about 20 per cent of ransomware victims sought help from law enforcement, based on the Federal Bureau of Investigation’s estimates.
A check by The Straits Times on several ransomware gangs’ websites hosted on the Dark Web showed that data from several Singapore organisations was available. Some came with a price tag, while others were free for download.
The organisations included construction firm Low Keng Huat, as well as the Academy of Medicine, Singapore, which had the personal information of some 50 doctors leaked in September.
To combat the threat posed by ransomware, the police and CSA jointly developed a one-stop ransomware portal for victims to lodge reports, as well as decrypt their affected systems.
The portal features an advisory by the police cautioning against paying any ransoms.
The CRI in its joint statement also said that paying a ransom “does not guarantee... the removal of malicious software from your systems... (or that) you will get your data back”.
Worse still, it incentivises cyber criminals to continue and expand their illicit activities, and provides them with a source of funds, it added.