Policy paper

CRI joint statement on ransomware payments

Published 2 November 2023

Members of the Counter Ransomware Initiative^{[footnote 1]} are joining together to publicly denounce ransomware and those who perpetrate these devastating attacks.

We commit to collectively address our approach to ransomware payments to undermine the ransomware business model and disrupt criminal activity. We will not tolerate the extortive actions of these cyber criminals who too often act with seeming impunity.

Therefore, we strongly discourage anyone from paying a ransomware demand. Each of us intends to lead by example. We have reached consensus that relevant institutions under the authority of our national government should not pay ransomware extortion demands.^{[footnote 2]}

Paying a ransom to ransomware actors:

• does not guarantee the end of an incident, or the removal of malicious software from your systems
• provides incentives for criminals to continue and expand their activities
• provides funds that criminal actors can use for illicit activity
• does not guarantee you will get your data back

We will continue to comprehensively address the threat posed to our countries by ransomware, incorporating law enforcement, including INTERPOL- increasing our resilience and limiting the funds available to these criminals.

1. Albania, Australia, Austria, Belgium, Brazil, Bulgaria, Canada, Colombia, Costa Rica, Croatia, Czech Republic, Dominican Republic, Egypt, Estonia, France, Germany, Greece, India, Interpol, Ireland, Israel, Italy, Japan, Jordan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Norway, Poland, Portugal, Republic of Korea, Romania, Rwanda, Sierra Leone, Singapore, Slovakia, South Africa, Spain, Sweden, Switzerland, Ukraine, United Arab Emirates, United Kingdom, United States. ↩

2. In accordance with domestic laws and regulations. ↩