by Jeanne Zepp

Ransomware is a major issue affecting U.S. businesses and private individuals. However, we are not the only nation dealing with this problem. It is an international scourge perpetrated by bad actors from around the globe, often working in tandem.

This shared problem called for a collective response and, in 2021, the White House facilitated the first meeting of the Counter-Ransomware Initiative (CRI), attended virtually by over 30 countries. Participants included Australia, Brazil, Bulgaria, Canada, Czech Republic, Dominican Republic, Estonia, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, Netherlands, New Zealand, Nigeria, Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, United Arab Emirates, and United Kingdom. Notably, Russia and China were not among the invitees.

The initiative seeks to minimize and eventually eradicate future ransomware attacks by focusing on ransomware disruption, attack resilience, digital currency misuse, and countermeasures enhanced by mutual cooperation. In her after action report, Deputy National Security Advisor Anne Neuberger reported that the meeting represented “the first time that delegations brought together experts that usually operate in parallel channels, like law enforcement, cyber resilience, diplomacy, financial regulators … to consider how we better connect and integrate those efforts to see where cooperation is working … and where it isn’t ….”

The initiative seeks to minimize and eventually eradicate future ransomware attacks.

In fall 2022, the Second International CRI Summit took place. Notably, this summit incorporated a new perspective: the input of 13 private-sector organizations. A White House fact sheet reported that the CRI had achieved progress in its focus areas between summits. Further, it identified eight specific efforts envisioned for 2023:

1. Create, under Australian leadership, an International Counter Ransomware Task Force (ICRTF). Notably, the ICRTF launched in January 2023.
2. Test, under the leadership of Lithuania, a scaled version of the ICRTF and operationalize information sharing related to ransomware threats.
3. Deliver an investigator’s toolkit, including lessons learned and strategies.
4. Engage the private sector in an active and ongoing way.
5. Issue advisories on bad actors that include specifics on tactics, techniques and procedures.
6. Prioritize targets jointly and, with law enforcement groups, achieve concrete disruption results.
7. Create a capacity-building tool that chronicles successful public-private partnerships employed against ransomware.
8. Conduct biannual counter-ransomware exercises.

Notably, cryptocurrency use in ransomware schemes remains a primary concern. The fact sheet advises that CRI participants will convene a second workshop addressing ways to thwart such illicit financial activity and “build capacity on blockchain tracing and analytics, which would include a tabletop ransomware exercise, coordinated with law enforcement.” In addition, CRI partners will help create and enact international standards to thwart cryptocurrency use and share techniques used by bad actors to disguise the source of their digital currency.

The recently released National Cybersecurity Strategy rightly classifies ransomware as a “borderless challenge requiring international cooperation.” Information sharing among partner countries will be central to the success of this anti-ransomware network as will be a cohesive plan of action grounded in communication. The White House counted the development of “concrete, cooperative actions to counter the spread and impact of ransomware around the globe” among the many outcomes of the Second International CRI Summit.

Information sharing among partner countries will be central to the success of this anti-ransomware network.

Cooperative efforts do not, however, eliminate the need for each nation to adopt a strong individual posture on ransomware. The U.S. National Cybersecurity Strategy delineates several concrete actions that include:

1. Launching ongoing, focused disruption campaigns.
2. Targeting cryptocurrency exchanges involved with ransomware.
3. Enforcing existing U.S. financial controls and supporting implementation of international standards.
4. Removing the financial incentive of ransomware by (a) encouraging victims not to pay ransoms and/or (b) tracing and recovering ransomware payments.
5. Reporting extortion efforts to law enforcement officials regardless of the pay‒no pay decision made.

An African proverb tells us that it takes a village to raise a child. Common sense tells us that a strong national posture complemented by a proactive international effort is the best way to eradicate highly organized ransomware gangs characterized by collaboration, shared techniques, ransomware-as-a-service software offerings, and more. In other words, it takes a network to bring down a network.