Ransomware is a growing, international threat. It’s also an insidious one.
The state of the art in ransomware is simple but effective. Well-organized criminal gangs hiding in safe-haven countries breach an organization, then find, steal and encrypt important files. They then present victims with a double incentive: should the victims refuse to pay, their encrypted files will be both deleted and made public.
In addition to hundreds of major attacks around the world, two critical ransomware incidents — the Colonial Pipeline attack and the attack on U.S. meatpacking company JBS — proved that this threat could no longer be ignored. In fact, American financial institutions lost $1.2 billion in costs associated with ransomware attacks in 2021, according to data reported by banks to the U.S. Treasury Department.
Incidents are on the rise, ransoms are on the rise, and the world has finally had enough. And so last year, the White House launched an initiative to attack the problem.
The first summit
The White House held two international ransomware summits in the past two years. The first took place in 2021 and included 30 nations, plus the E.U.
Participants in the first international Counter Ransomware Initiative (CRI) summit promised to share ransomware intelligence, prosecute ransomware crimes, disrupt ransomware funds transfers and work together on eliminating safe havens for ransomware gangs through diplomacy.
The initiatives were carried out by five working groups: resilience (led by Lithuania and India), disruption (led by Australia), counter illicit finance (led by the U.K. and Singapore), public-private partnership (led by Spain) and diplomacy (led by Germany). These working groups shared information and expertise in order to prepare for future ransomware attacks.
Although the first summit was a success, the most recent summit was far more ambitious.
The second summit
The second international CRI summit took place from October 31 to November 1, 2022. This time, a total of 36 countries participated in addition to the E.U.
The participants had not been idle during the interim. The White House claimed that since the initial summit, the CRI “worked to increase the resilience of all CRI partners, disrupt cyber criminals, counter illicit finance, build private sector partnerships and cooperate globally to address this challenge.”
At the second summit, the White House decided to bring in an international representative group of security and technology-focused companies, including CrowdStrike, Mandiant, Cyber Threat Alliance, Microsoft, Cybersecurity Coalition, Palo Alto Networks, Flexxon, SAP, Institute for Security + Technology, Siemens, Internet 2.0, Tata – TCS and Telefonica.
Participants created an International Counter Ransomware Task Force (ICRTF), led by Australia. They also opted to establish a fusion cell at the Regional Cyber Defense Centre (RCDC) in Kaunas, led by Lithuania, as a kind of testing sandbox to experiment with a scaled version of the ICRTF.
They further planned to distribute what they call an investigator’s toolkit — basically, documented best practices for disrupting and shutting down cyber criminals — as a manual for “tactics, techniques, and procedures”.
The group plans to bring in the private sector with information sharing and coordinated action against ransomware gangs. They will also publish advisories, coordinate priority targets through a single framework and conduct biannual counter-ransomware exercises.
Interestingly, the group intends to take action to prevent ransomware perpetrators from using and laundering cryptocurrencies. This project involves sharing information about crypto wallets globally, sharing best practices about blockchain tracing and pushing identity authentication for crypto transactions.
The key takeaways
The number-one issue at the second summit was the borderless nature of ransomware. That alone is why international cooperation is so necessary. In fact, that’s one of the interesting elements of ransomware as a phenomenon. Ransomware gangs find safe havens in rogue nations and operate with impunity. There, they are able to run their operations like legitimate businesses, publishing blogs and offering “tech support”.
A second point underscored is that ransomware isn’t just a financial threat. It also threatens national security and the proper functioning of societies. Ransomware attacks on targets involving large businesses, crucial infrastructure or the military could affect national security. They even have the capacity to trigger a hot war.
And, finally, the group emphasized the need to develop an international legal framework for prosecuting criminals.
In a nutshell, the summit’s approach is to attack all vectors of ransomware — knowledge, resources, money, security architecture, international and domestic law, diplomacy and more.
How does this impact businesses?
The Public-Private Partnership (P3) Working Group, chaired by Spain, is working on a tool for public-private partnerships to address ransomware. The tool will feature case studies that show paths to successful efforts to combat ransomware.
This tool will no doubt prove to be a huge boon for organizations at risk of ransomware attacks. When combined with thought leadership, best practices and actual legal action, the benefits will only increase.
More than tools and resources, the greatest boon is to make it harder for criminal gangs to operate. A safer cyber world requires increased prosecutions and a reduction in safe havens from which to commit ransomware crimes.
For businesses and organizations that are potentially vulnerable to ransomware attacks, the work of the CRI is very welcome. While security best practices can help protect individual organizations, they continue to need support from global partnerships. As long as the ransomware gangs can operate from rogue nations and benefit from money laundering opportunities present in cryptocurrency systems, the international community will need to face this threat together.
The CRI is sharing knowledge, channels for cooperation, legal frameworks and more to protect the world against the scourge of ransomware.