Reuters reports that a US-led alliance of 40 countries, which includes South Africa, plan to sign a pledge to never pay ransoms to cybercriminals who lock governments out of their online systems through hacking.

The International Counter Ransomware Initiative (CRI) seeks to encourage responsible state behaviour in cyberspace, including through the exchanging of information and assistance in efforts to prosecute terrorist and criminal use of ICT.

Malicious hackers — including suspected state-sponsored actors from Russia — have increasingly targeted the connected IT systems of the US in ransomware attacks.

In these incidents, cybercriminals gain access to systems and encrypt potentially valuable files, locking users out of their data.

As explained in a press statement from the White House, the CRI’s primary goals are the following:

Hold ransomware actors accountable for their crimes and not provide them safe haven;

Combat ransomware actors’ ability to profit from illicit proceeds by implementing and enforcing anti-money laundering and countering the financing of terrorism measures, including “know your customer” (KYC) rules, for virtual assets and virtual asset service providers;

Disrupt and bring to justice ransomware actors and their enablers, to the fullest extent permitted under each partner’s applicable laws and relevant authorities; and

Collaborate in disrupting ransomware by sharing information, where appropriate and in line with applicable laws and regulations, about the misuse of infrastructure to launch ransomware attacks to ensure national cyber infrastructure is not being used in ransomware attacks.

To achieve the above, the CRI members are building a network of partners to share and disseminate ransomware-related threat information to increase the collective resilience to ransomware attacks.

The voluntary International Counter Ransomware Task Force (ICRTF) will develop cross-sectoral tools and cyber threat intelligence exchange to increase early warning capabilities and prevent attacks, as well as consolidate policy and best practice frameworks, the White House said.

“The ICRTF expects to produce public reports on tools, tactics, and procedures to improve awareness to global stakeholders, promote and encourage membership of the CRI, and improve cyber hygiene across the board,” the White House said.

“The ICRTF intends to consider a model for ongoing collaboration with key private sector partners, including the establishment of an ancillary industry chapter that would be actively engaged with the work of the ICRTF.”

The South African government’s commitment to the pledge comes after several high-profile ransomware attacks against government entities and companies in the past few years.

Perhaps the most severe was an attack that crippled the Department of Justice (DoJ) in 2021.

In addition to cutting off access to much of the DoJ’s systems, severely impacting the Master’s Office and courts for several months, the attackers were able to steal 1,204 files containing people’s private information.

The DoJ was fined R5 million by the Information Regulator after it failed to comply with an enforcement notice.

The regulator effectively found the DoJ negligent and ordered it to renew security system licences it had allowed to lapse.

However, the Department of Justice is taking the Information Regulator to court to oppose the fine.

