Representatives of 36 countries – including both the UK and Ukraine – and the European Union (EU) have issued a joint statement reaffirming their commitment to tackling ransomware. They were in Washington DC for the second International Counter Ransomware Initiative (ICRI) Summit convened by the White House.
The first such event was held online only in the autumn of 2021, and in the past 12 months, ICRI partners have been collaborating on five core goals – to increase resilience, disrupt ransomware cartels, counter money laundering, build partnerships with private sector cyber firms, and strengthen international cooperation.
The second event built on the foundations laid by the first with an agenda focused across those same five goals. The White House also invited 13 cyber security companies to join proceedings and have their say on what they feel governments should be doing to counter ransomware, what the private sector should be doing, and what can be done together.
US deputy treasury secretary Wally Adeyemo said: “It is a clear testament to both the grave threat that ransomware poses and the critical importance of international cooperation that we have such strong participation from countries across the globe during this Summit.
“We may approach the challenge of ransomware with a different lens – and in some cases, an entirely different set of tools – but we are all here because we know that ransomware remains a critical threat to victims across the globe and continues to be profitable for bad actors.
“In fact, we know that hackers around the world consider conducting ransomware attacks the most profitable scheme on the internet – more profitable even than selling illegal drugs via darknet markets and stealing and selling stolen credit cards.”
Adeyemo added: “In the midst of this landscape, it is more important than ever that we come together to share what we are seeing through our unique lenses and learn from each other’s best practices.”
Positive work that has already been done in the 12 months since the first event includes work on combating the role of cryptocurrency in ransomware in Singapore and the UK, work on diplomacy in Germany, and work on public-private partnerships in cyber in Spain.
In the joint statement, the members said they would continue to work towards achieving their five stated goals, and support the implementation of the previously endorsed UN framework for responsible state behaviour in cyber space, specifically the voluntary norm that countries should cooperate on such issues.
Going forward, the ICRI members said they planned to establish a voluntary International Counter Ransomware Taskforce (ICRTF) that will be tasked with developing cross-sectoral tools and threat intel exchange, and consolidate policy and best practice guidance. The taskforce will ultimately produce publicly available reports on ransomware tools, tactics and procedures, and will collaborate with the private sector through an ancillary industry chapter.
The coalition also shared more details of the launch of a pilot information-sharing platform – developed between Israel and the United Arab Emirates – where state-level officials can swap advice, learnings and mitigations, to which private sector cyber companies will also eventually have access. The group also plans to develop a tool that will help countries use public-private partnerships to fight ransomware.
The group also vowed to substantially increase levels of enforcement action against ransomware operators, and to take more decisive steps to counter the underground crypto laundries that underpin the “success” of the cyber criminal ecosystem. This will include establishing new mechanisms to notify financial institutions and virtual asset platforms of ransomware payments to seize funds more easily, to promote anti-money laundering and combating the financing of terrorism tools, including know-your-customer policies, within the virtual asset ecosystem.
Also, the collective agreed that diplomatic engagement is a vital tool in the global community’s fight against ransomware, and committed to working more deeply with a full spectrum of stakeholders on focused, regional action plans, multilateral frameworks and capacity-buiilding programmes. ICRI member states will also now conduct a series of biannual cyber exercises, which will contribute to the ICRTF’s “living toolkit”.
Remediant CEO Raj Dodhiawala commented: “As we continue to see – and, sadly, experience – the detrimental impacts that ransomware brings to healthcare and critical infrastructure, the summit is a solid, proactive step from the White House. However, what really matters is what actions will come out of these conversations.
“Minimum regulatory requirements provide a good starting point when ensuring adequate cyber security posture, but government leaders must focus on adapting to an ever-changing cyber security landscape as attackers adopt more sophisticated strategies and techniques that continue to target verticals like healthcare organisations and critical infrastructure.”
The established member states of the ICRI are: Australia, Austria, Brazil, Bulgaria, Canada, Croatia, Czechia, Dominican Republic, Estonia, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Norway, Poland, Romania, Singapore, South Africa, South Korea, Spain, Sweden, Switzerland, the UAE, the UK, the US, Ukraine and the EU. This year, Belgium has also joined the group.