Bloomberg — The United States is pressing a group of countries to publicly commit not to paying ransoms to hackers ahead of an annual meeting of more than 45 countries in Washington later this month.

Anne Neuberger, the deputy national security adviser, told Bloomberg News that she had “very hopeful” of getting support for the declaration, but admits it is a “difficult political decision”. If members can’t agree on a statement before the meeting, it will be included as a discussion item, he said.

Ransomware is a type of malicious code that encrypts a victim’s computer files, rendering them useless. The hackers then demand payment to provide the key to open it. Another popular type of extortion attack is hackers stealing confidential documents from victims and demanding payment not to publish them on the Internet.

These ransomware attacks have become increasingly popular in recent years, partly because they are very profitable for hackers. This is because victims often conclude that it is easier to pay the ransom and restore operations than to refuse the hacker’s demands.

The goal of this statement is to change that calculus, Neuberger said. “Paying ransoms is what causes ransomware,” he said. “That’s why we think it’s so necessary.”

“You have to get to the root of the problem,” Neuberger said. “The root of the problem is money.” This statement is expected to apply to governments and not to companies that are often victims of ransomware attacks. Neuberger said this would be the first step toward a broader effort to curb ransom payments to hackers.

The Biden administration held an annual international summit to tackle ransomware in 2021, a gathering of cybersecurity leaders from different countries who came together to collaborate on efforts to curb attacks. The first summit came months after the cyberattack on Colonial Pipeline Co. which disrupted fuel supplies along the US East Coast and served as a warning to the wider public about the dangers of ransomware. Since the first meeting, the number of participants has increased from 31 countries to more than 45 countries.

But more than two years after the Colonial Pipeline hack, A series of disturbing ransomware attacks against hospitals, factories and casinos in recent months shows that more needs to be done to stop this crime. Neuberger said. “We will eradicate the ghost of the Colonial Pipeline,” he said, explaining the purpose of the Oct. 31 meeting.

Charles Carmakal, chief technology officer at Mandiant Consulting, is among those who argue that a total ban is far from feasible.

“There is still a lot to do before we can ban extortion payments,” he told Bloomberg in September. “Law enforcement must be more aggressive towards those who threaten and harm them.”

But Neuberger argues that advances in cybersecurity regulations, preparedness and stronger intervention by security forces make it more feasible not to pay ransoms. He said more companies are now creating backups so they can restore their systems if they are hacked, and insurance company policies are incentivizing stricter cybersecurity standards.

Britain, which along with Singapore is leading the fight against illicit funding through an anti-ransomware initiative, did not respond to a request for comment. The Record, a publication of cybersecurity company Recorded Future Inc, previously reported on US pressure on the government to say it would not pay the ransom.

Neuberger, who attended Singapore International Cyber ​​​​Week this week, also advocated greater disclosure of cryptocurrency transactions to help curb money laundering. They want to expand the number of countries that apply “Know Your Customer” rules to cryptocurrency companies, at least voluntarily.

Additionally, the US wants governments around the world to set cybersecurity labeling standards so consumers can evaluate (before purchasing) the security level of Internet-connected devices, such as baby monitors and home alarms, Neuberger said. Earlier this year, the United States announced a proposal for voluntary cybersecurity labeling for Internet-connected devices.

He said the goal is to have labels for these “Internet of Things” devices in stores by Christmas 2024.

Read more at Bloomberg.com