SINGAPORE: Singapore is one of 48 countries that are committed to “strongly discourage” caving to extortion demands by ransomware hackers.

The pledge was made at the gathering of an international alliance which met for the third time in Washington, DC, on Tuesday and Wednesday (Oct 31 and Nov 1).

During the meeting, representatives of the 50 members that make up the Counter Ransomware Initiative (CRI) - which also include Interpol and the European Union - reaffirmed their joint commitment to “publicly denounce ransomware and those who perpetrate these devastating attacks”.

The undertaking was led by Singapore and the United Kingdom, who are co-chairs of the policy pillar of CRI.

A joint statement by CRI members on Thursday said: “We commit to collectively address our approach to ransomware payments to undermine the ransomware business model and disrupt criminal activity.

“We will not tolerate the extortive actions of these cyber criminals who too often act with seeming impunity.”

The members said they “strongly discourage” anyone from paying a ransomware demand, and each intend to lead by example by ensuring “relevant institutions under the authority” of their governments would not pay such demands.

The CRI was formed in 2021 and initially comprised 31 nations - Singapore among them - as well as the EU.

In 2023, Singapore led the development of best practices on cyber incident reporting and information sharing.

Mr David Koh, the chief executive of the Cyber Security Agency of Singapore (CSA), who led its delegation at the CRI meeting, described the alliance as a “big tent” that brings together countries against the scourge of international ransomware criminals.

“Our shared international conviction to act together against ransomware is a significant outcome,” he said.

“This statement sets a common international commitment and is a sign that, while the CRI is only into the third year of its formation, we can make meaningful progress in our fight against ransomware and move towards establishing a rules-based multilateral order in cyberspace.”

In a separate statement on the White House’s website, members of the CRI said they would also create a shared blacklist of cryptocurrency wallets, with the United States’ Department of the Treasury pledging to share data on those used by ransomware actors with other members.

Ransomware refers to the malware used by hackers to encrypt an organisation’s systems. In many cases, sensitive information is also stolen and put up for sale on the Dark Web.

To unlock the systems and prevent the stolen information from being made public, these hackers would typically demand a ransom.

Some of the more notorious cybercriminal groups that have been conducting such ransomware attacks include the Russia-based Lockbit 3.0, which carried out 913 cyber attacks in 2022, and BlackCat, otherwise known as ALPHV, which emerged in late 2021.

Lockbit last Friday claimed it had stolen “a tremendous amount” of sensitive data from Boeing and threatened that it would dump the data online if the US plane maker did not pay a ransom.

In 2022, 132 ransomware incidents were reported to the Singapore Cyber Emergency Response Team, according to the CSA’s Cyber Landscape report published on June 23.

“These figures, however, are not likely to represent the full extent of the ransomware threat as not every victim will report an attack,” the report had said, citing how in the US, only about 20 per cent of ransomware victims sought help from law enforcement, based off the Federal Bureau of Investigation’s estimates.

A check on several ransomware gangs’ websites hosted on the Dark Web showed that data from several Singapore organisations were available. Some came with a price tag, while others were free to download.

The organisations included construction firm Low Keng Huat, as well as the Academy of Medicine, Singapore, which had the personal information of some 50 doctors leaked in September.

To combat the threat posed by ransomware, the police and CSA jointly developed a one-stop ransomware portal for victims to lodge reports, as well as decrypt their affected systems.

The portal features an advisory by the police cautioning against paying any ransoms.

The CRI too in its joint statement said that paying a ransom “does not guarantee... the removal of malicious software from your systems... (or that) you will get your data back”.

Worse still, it incentivises cybercriminals to continue and expand their illicit activities, as well as provide them with a source of funds, it added. – The Straits Times/ANN