Skip to content

Our Privacy Statement & Cookie Policy

All Thomson Reuters websites use cookies to improve your online experience. They were placed on your computer when you launched this website. You can change your cookie settings through your browser.


Cybersecurity groups not to pay ransom demands

· 6 minute read

· 6 minute read

Uncover the impact and prevention strategies against cyber threats.

Jump to:

 The big picture

 Why this issue matters

 Understanding ransomware


The big picture

On October 31, the Counter Ransomware Initiative (CRI), a U.S.-led group of 50 countries, pledged to sign an international agreement that their governments would never pay ransomware to cyber criminals. This follows another pledge that the CRI group made in 2022 when each country promised not to harbor ransomware cybercriminals within their borders.

Ransomware represents one of the world’s most daunting cybersecurity challenges. In a ransomware attack, hackers gain access to an organization’s IT system, encrypt it, and demand ransom payments in exchange for unlocking it. There are so many cyber threats to watch out for to protect sensitive information. They often also steal sensitive operations and customer data.

As part of its October pledge, the CRI countries agreed to help any member country respond to ransomware attacks on their governments. They also pledged to assist any CRI member with cybersecurity incident response if its government or its “lifeline sectors” experience a ransomware attack. In addition, member governments plan to increase their information-sharing capabilities regarding ransomware infections.

One other thing to note about the CRI no-pay pledge: Governments are signing the pledge—but not businesses or other private-sector organizations. Though the CRI’s cybersecurity efforts should be helpful, the private sector is still mostly on its own in the battle against ransomware. But there are ways that it can fight and win.

Why this issue matters

Among the 50 CRI member countries, the USA is the most targeted by ransomware attacks. While the risk is particularly high for financial institutions, healthcare providers, and government agencies overseeing Medicaid and other benefits programs, just about any organization is susceptible to a ransomware attack. Hundreds of companies of all kinds fall victim every year. Last summer, news broke that three major law firms—Kirkland & Ellis, K&L Gates, and Proskauer Rose—were breached by a wide-ranging hack from the ransomware group Cl0p; so, it’s important to take cybersecurity seriously to protect not just yourself but your clients too.

It can take victims a long time to recover from an attack. Ransomware attacks can be financially draining. They can result in fines and job losses, and they can damage a company’s reputation–news of a successful ransomware attack can make a business look asleep at the switch, which doesn’t give current and potential customers much confidence. And making cybersecurity repairs after an attack adds even more expense.

Ransomware cybercriminals aren’t letting up. A report this fall from cyber-insurer Resilience states that the number of attacks in the first half of 2023 exceeded the total for all of 2022. The report does note that fewer companies appear to be paying up. Still, plenty of organizations are paying, and that’s likely to encourage cyber criminals to keep attacking. Another example shows the increased presence of cyber attacks, with around 800,000 reported cyber incidents that resulted in financial losses of between $7 billion and $10 billion in 2022. Ransomware remains a lucrative industry.

Download survey

Risk and Compliance Report


Overhead view of night scene of highway junctures and slow exposure lights

Understanding ransomware

However, there are cybersecurity strategies that any kind of business can use to protect itself through various stages. First, the organization needs to know its enemies.

What is ransomware?

Most organizations have a good basic idea of what ransomware is. However, a deeper understanding of what ransomware is can help them establish effective cybersecurity protocols.

In a ransomware attack, a cybercriminal installs a form of software called malware onto an individual’s computer. If that computer is connected to a business’s IT system, the malware can spread throughout the network. This gives the attacker access to the company’s operational and customer data. The malware allows the cybercrook to encrypt the data, rendering it inaccessible. The hacker then demands payment so that the business can be given the encryption key to unlock the data. If the ransom isn’t paid within a certain time, the cybercriminal can threaten to destroy the data–or release it online, where other cybercriminals can pay for and make use of it.

Does it ever make sense to pay the ransom?

Some organizations may decide that the answer to that question in certain situations is yes. A business may determine that paying the ransom is actually cheaper than the costs of operational downtime, data loss, and rebuilding its network. It may also believe that there’s no other way to protect its network or recover lost data.

It’s a sensible strategy—on the surface. But there’s no guarantee that paying the ransom will actually recover that data and its digital capabilities. The malware may still be lodged inside the company’s IT network, lurking there until the cybercriminals decide to reactivate it. By paying the ransom, an organization becomes identified as a soft touch. The sensible strategy thus becomes a cybersecurity failure.

In short, paying the ransom may be the only option, but it doesn’t get to the heart of the problem.

How can organizations prevent an attack?

All this means that the best approach to cybersecurity is to prevent ransomware attacks from infiltrating the organization’s IT system in the first place.

Few ransomware cybercriminals have the skills or patience to break down the gates protecting a company’s digital treasure trove. It’s much easier to have someone inside open the gates for them. Cybercriminals are using increasingly sophisticated phishing emails and other techniques designed to get employees to click on a link that unleashes malware, or to reveal their passwords. Ransomware cybercriminals continue to develop new ways to break through a company’s defenses. Most of those tactics will undoubtedly involve artificial intelligence to prevent a cyberattack. There’s already evidence that cybercriminals are using ChatGPT and other AI technologies to make their phishing attacks look more like “real” emails and text messages.

There are a number of cybersecurity strategies that organizations can use to resist. They should invest time and resources in training staff to recognize a cybercriminal’s digital con game. Using simple strategies such as multifactor authentication and strong passwords can protect a company’s IT. In addition, digital risk management and fraud detection tools can help detect attackers who might be lurking in the shadows of the company’s digital doorway.

By establishing robust cybersecurity strategies like these, a business should be able to sidestep the issue of whether to pay ransom to cybercriminals—even without a global agreement.

More answers