Singapore Contributes to Ransomware Guidance for Organisations

Published on 02 Oct 2024

       Mr. David Koh, Chief Executive of the Cyber Security Agency of Singapore (CSA), represented Singapore at the 4th Counter Ransomware Initiative (CRI) Summit 2024 held from 30 September to 3 October 2024 in Washington D.C.  Singapore and the United Kingdom, as co-chairs of the CRI Policy Pillar, received endorsement from CRI members and insurance bodies on the issuance of a new guidance to organisations on the steps to take during a ransomware incident. 

2     The CRI is a United States-led coalition of 68 member countries, committed to work together against ransomware threats. Singapore’s participation in the CRI complements our efforts to effectively combat ransomware domestically, as set out in the recommendations by Singapore’s Counter Ransomware Taskforce set up in 2022.  This is the fourth time that Singapore is participating in the CRI Summit and the third year that we are co-chairing the Policy Pillar with the United Kingdom. Mr. David Koh said, “The fourth CRI Summit, with participation from more countries than ever before, is testament to the consensus shared by members that ransomware criminals are a common security concern, and we need to take a multilateral approach to hold these criminals accountable, deny them safe haven, and take collective measures to undercut the ransomware ecosystem.”  

3     At the CRI Summit, CRI members discussed ways to raise the cybersecurity of Internet-of-Things. They agreed to strengthen their collective resilience by taking a coordinated, multi-national approach to develop a plan to institute secure-by-design principles, including mapping existing cybersecurity requirements, regulations, standards and guidelines for Internet-of-Things devices. 

4     Additionally, CRI members endorsed the use of a “Guidance for Organisations During Ransomware Incidents”, led by Singapore and the United Kingdom, to help victim organisations make informed decisions when facing a ransomware incident (refer to Annex). This Guidance advises victims to seek expert and legal advice, inform the authorities, take mitigating measures and evaluate all possible options before ultimately considering whether to make a ransomware payment to a cybercriminal group. As a general approach, organisations are strongly discouraged from making payment, in line with the joint statement issued at the 3rd CRI Summit in 2023.1

5     Together, we can strengthen and support organisations’ resilience against ransomware. The Guidance would serve as a practical guide for companies to review their business continuity plans, and develop and implement policies, procedures, frameworks and communication plans in advance of any ransomware incident.  

6     In addition, Singapore and the United Kingdom announced plans to conduct a second table-top exercise in 2025. Both sides had previously organised a simulated tabletop exercise in June 2024 to test and enhance members’ policy and operational coordination and response during a ransomware incident in the healthcare sector. A total of 37 countries participated in the exercise. 

7     Singapore will continue to contribute to the CRI efforts to strengthen international cohesion and collaboration on counter-ransomware policies in 2025.

 

Annex



 

About the Cyber Security Agency of Singapore 

Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes. 

CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg.

 


 

Report a Cybersecurity Incident

SingCERT encourages the reporting of cybersecurity incidents as it enables us to better understand the scope and nature of cyber incidents in Singapore. This will enable us to issue alerts or advisories on relevant threats, and assist a broader range of individuals and organisations.
Report Incident