Global effort to curb ransomware extortion and disrupt criminal activities led by Singapore and the UK.
SINGAPORE – In a decisive move to combat the global threat of ransomware, Singapore has become part of an international coalition of 48 countries committed to discouraging ransom payments to hackers. This collective stand was made during a meeting of the Counter Ransomware Initiative (CRI) in Washington on Nov 5-6, 2024, which brought together nations, including the European Union and Interpol, to forge a united front against cyber extortion.
The initiative, co-chaired by Singapore and the United Kingdom, seeks to curb the business model of ransomware operations by publicly rejecting the payment of extortion demands. A joint statement issued by the members of the CRI emphasized the importance of collective action against these criminals, who often operate with impunity.
The statement, which was endorsed by all 50 members of the initiative, declared: “We commit to collectively addressing our approach to ransomware payments to undermine the ransomware business model and disrupt criminal activity. We will not tolerate the extortive actions of these cyber criminals, who too often act with seeming impunity.”
The CRI was established in 2021 with 31 nations, including Singapore, and has since expanded its membership. The Republic has also taken a lead role in creating best practices for cyber incident reporting and information sharing. At the CRI meeting, David Koh, Chief Executive of the Cyber Security Agency of Singapore (CSA), highlighted the importance of international cooperation in the fight against ransomware, describing the alliance as a “big tent” that unites countries against this rising cyber threat.
As part of the alliance’s efforts, the United States Department of the Treasury will share data on cryptocurrency wallets used by ransomware actors, contributing to a shared blacklist of such wallets. This development aims to disrupt the financial network of ransomware groups, making it harder for them to profit from their activities.
Ransomware is a form of malware that encrypts an organization’s systems, often with sensitive data being stolen and held for ransom. Hackers demand payments to unlock the systems or prevent the public release of the stolen information. Singapore has not been immune to these attacks, with 132 ransomware incidents reported in 2022 to the Singapore Cyber Emergency Response Team (SingCERT). However, experts note that these figures likely underrepresent the full scope of the problem, as many victims do not report incidents.
Notorious ransomware groups, such as Lockbit 3.0 and BlackCat (ALPHV), have been behind high-profile attacks, with Lockbit claiming to have stolen sensitive data from Boeing in 2023, threatening to release it unless a ransom was paid.
The CRI also reiterated that paying a ransom does not guarantee that systems will be restored or that stolen data will be returned. In fact, such payments encourage further criminal activity and provide a continuous source of funds for cybercriminals. The initiative encourages victims to report incidents rather than succumb to ransom demands.
Singapore has taken steps to support ransomware victims through its one-stop ransomware portal, developed in collaboration with the Singapore Police Force and CSA. The portal provides victims with a platform to report incidents and access decryption tools, while also advising against paying ransoms.
