Thirty-nine countries and global cyber insurance bodies have endorsed new guidance at the 2024 Counter Ransomware Initiative Summit.


The UK and 38 countries including Australia, Canada, Japan, the United States and New Zealand have united with international cyber insurance bodies to back important new guidance supporting organisations experiencing ransomware attacks and to boost global resilience.

The new guidance – agreed yesterday (1 October 2024) at the Counter Ransomware Initiative – will encourage organisations to carefully consider their options instead of rushing to make payments to cyber criminals in an attempt to stop disruption and data loss. It makes clear that paying a ransom will often only embolden these criminals to target other victims, and there is no guarantee of data retrieval, malware removal or the end of a ransomware attack.  

Instead, organisations are encouraged to report attacks to law enforcement authorities, check if data backups are available and get advice from recognised experts. They should also take action ahead of a possible attack by preparing policies, frameworks and communications plans as part of contingency planning. 

The new guidance will ultimately help undermine the business model of ransomware criminals and take away the incentive to target other organisations elsewhere, preventing future attacks and boosting global resilience.

Security Minister Dan Jarvis said:

Cyber criminality does not recognise borders.

That is why international co-operation is vital to tackle the shared threat of ransomware attacks.

This guidance will hit the wallets of cyber criminals, and ultimately help to protect businesses in the UK and around the world.

Ransomware is the biggest cyber threat to most UK businesses and organisations, as cyber criminals constantly evolve their tactics to increase efficiency and boost profits, and last year was the worst year on record for ransomware payments, with more than $1 billion lost to victims worldwide, according to industry estimates by Chainanalysis.

As part of a crackdown on cyber criminals, this week the UK sanctioned sixteen individuals linked to the Evil Corp cyber gang in joint action with the US and Australia.

The prolific, long-standing Russian cybercrime group, Evil Corp had previously conducted malware and ransomware attacks on UK health, government and public sector institutions, as well as private commercial technology companies.

It was also revealed that Evil Corp actors had links to ransomware group LockBit. The National Crime Agency’s infiltration of LockBit, earlier this year revealed that cyber criminals often retained data even after victims paid a ransom on the promise it would be deleted. 

The UK has led the way in this collaborative approach with the cyber insurance industry, who can play a key role in supporting organisations before, during and after a ransomware incident.

In May, the National Cyber Security Centre and 3 major UK insurance bodies (the Association of British Insurers, the British Insurance Brokers’ Association and the International Underwriting Association) joined forces to launch co-sponsored guidance for UK organisations.

NCSC Director for National Resilience Jonathon Ellison said:

Ransomware remains an urgent threat and organisations should act now to boost resilience.

The endorsement of this best practice guidance by both nations and international cyber insurance bodies represents a powerful push for organisations to upgrade their defences and enhance their cyber readiness.

This collective approach, guided by last year’s CRI statement denouncing ransomware and built on guidelines from the NCSC and UK insurance associations earlier this year, reflects a growing global commitment to tackling the ransomware threat.

The CRI is the only dedicated multilateral forum for UK and international partners to come together to develop new policies and processes to combat ransomware.

Last year, the forum agreed groundbreaking joint statement again led by the UK and Singapore denouncing ransomware payments and confirming, for the first time, that no central government funds should be used to pay demands.

The new guidance comes as Cyber Security Awareness Month begins, which this year focuses on the importance of businesses building their cyber resilience.

Updates to this page

Published 2 October 2024