UK among countries to sign ransomware payments agreement
A group of more than 40 countries have signed an agreement pledging not to use central government funds to pay ransoms to cyber criminals.
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.The UK is among more than 40 countries to have signed a pledge agreeing that central government funds should not be used to pay ransomware demands to cyber criminals.
A joint statement from the Counter Ransomware Initiative (CRI) said the countries “would lead by example” by not paying ransomware demands and “strongly discourage anyone” from doing so.
The UK’s National Cyber Security Centre (NCSC) has always advised businesses and individuals to never pay ransomware demands, and it has been long-standing Government policy to not do so.
The agreement has also been signed by countries including the US, Australia, Canada, France, Germany, Japan and South Korea, as well as Interpol.
Security minister Tom Tugendhat said the agreement would help set a new “global norm”.
“Crime shouldn’t pay. That’s why the UK and her allies are demonstrating leadership on cybersecurity by pledging not to pay off criminals when they try and extort the taxpayer using ransomware,” he said.
“This pledge is an important step forward in our efforts to disrupt highly organised and sophisticated cyber criminals, and sets a new global norm that will help disrupt their business models and deter them from targeting our country.”
Ransomware is a type of malicious software used by cyber criminals which often encrypts or steals data once it has gained access to a computer system.
Ransomware poses a significant threat to organisations in the UK and around the world and so international collaboration is essential for bearing down on cyber-criminal operations
The victim is then told to pay a large fee – often in cryptocurrency, which is harder to trace – in order to get their files back.
However, cybersecurity experts, including those at the NCSC, argue that paying a fee only benefits the criminals as it provides an incentive to continue offending and it does not guarantee the release of the affected data – a stance the CRI has now publicly backed in the agreement.
NCSC chief operating officer Felicity Oswald said: “Ransomware poses a significant threat to organisations in the UK and around the world and so international collaboration is essential for bearing down on cyber-criminal operations.
“The joint statement today demonstrates that the UK and a like-minded community of countries do not support payment of online criminals as we know this only makes the threat landscape worse for everyone.
“Many ransomware incidents can be prevented by ensuring that appropriate security measures are in place. We strongly encourage organisations to follow NCSC advice to effectively mitigate the risks and help protect themselves online.”