February 15, 2023 By Jonathan Reed 2 min read

In the war against ransomware, we appear to be losing.

Leading up to the recently concluded Second International Counter Ransomware Initiative Summit, a Biden Administration Official said, “So, we’re seeing the pace and the sophistication of the ransomware attacks increasing faster than our resilience and disruption efforts”.

This reality can be seen by the fact that U.S. financial institutions lost nearly $1.2 billion in costs due to ransomware attacks in 2021. This is an almost 200% increase over the previous year, according to data reported by banks to the U.S. Treasury Department.

Given the continued ransomware assault, the White House has outlined a response plan for 2023.

Second international counter ransomware initiative

From October 31 to November 1, the White House convened 36 countries in addition to the E.U. for the Second International Counter Ransomware Initiative (CRI) Summit. During the Summit, the CRI and private sector partners discussed and developed cooperative security strategies. The goal was to deter the spread and impact of ransomware worldwide.

Throughout 2022, the CRI’s efforts against ransomware were carried out by the following working groups:

  • Resilience (co-led by Lithuania and India)
  • Disruption (led by Australia)
  • Counter illicit finance (led by the U.K. and Singapore)
  • Public-private partnership (led by Spain)
  • Diplomacy (led by Germany).

This year’s Summit built upon the working groups’ past experience with new plans for 2023.

Counter ransomware initiative plans for 2023

For next year, the CRI outlined multiple tactics to improve security against the ransomware threat. According to the White House, this will include priorities such as:

  • Establishing an International Counter Ransomware Task Force (ICRTF). The ICRTF will coordinate resilience, disruption, countering illicit finance and information and capability sharing. Australia will lead this effort.
  • Creating a fusion cell at the Regional Cyber Defense Centre (RCDC) in Kaunas, Lithuania. The cell will test a scaled version of the ICRTF and operationalize ransomware-related threat intelligence. The idea is to share technical information about ransomware (tools, tactics and procedures, or TTP) with a broad spectrum of stakeholders.
  • Delivering an investigator’s toolkit. This includes insights and strategies about how to respond to significant ransomware threats. The toolkit will also focus on offensive measures to effectively disrupt threat operations. Subsequently, CRI partners will benefit from the breadth of expertise and technical capability generated by the working groups.
  • Engage with the private sector. Trusted information sharing and coordinated action with the private sector will further improve responses to operational disruption.
  • Publish joint advisories. These will outline TTPs for key identified actors. Joint public advisories will also offer warning and mitigation measures to the international community.
  • Coordinate priority targets. In this case, a unified framework will focus on hard and complex targets. The goal is to create concrete disruption results with law enforcement groups.

Fighting the ransomware battle

As ransomware continues to inflict significant damage across the globe, the CRI seeks to improve collaboration and provide tools to help counter the threat. Ransomware protection solutions will continue to evolve to meet organizational needs worldwide.

To fortify your knowledge and defenses against ransomware, IBM Security has published the Definitive Guide to Ransomware 2022.

To schedule a no-cost consult with X-Force, click here.

If you are experiencing cybersecurity issues or an incident, contact X-Force to help: U.S. hotline 1-888-241-9812 | Global hotline (+001) 312-212-8034.

More from News

Can memory-safe programming languages kill 70% of security bugs?

3 min read - The Office of the National Cyber Director (ONCD) recently released a new report, “Back to the Building Blocks: A Path Toward Secure and Measurable Software." The report is one of the first major announcements from new ONCD director Harry Coker and makes a strong case for adopting memory-safe programming languages. This new focus stems from the goal of rebalancing the responsibility of cybersecurity and realigning incentives in favor of long-term cybersecurity investments. Memory-safe programming languages were also included as a…

CISA hit by hackers, key systems taken offline

3 min read - The Cybersecurity and Infrastructure Security Agency (CISA) — responsible for cybersecurity and infrastructure protection across all levels of the United States government — has been hacked. “About a month ago, CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses,” a CISA spokesperson announced. In late February, CISA had already issued a warning that cyber threat actors are exploiting previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. Ivanti Connect Secure is a…

DOJ’s crackdown: A brief look at hacker group takedowns

3 min read - The Department of Justice (DOJ) is ramping up efforts focused on disrupting cyber criminal organizations operating within and outside of United States borders. The dismantling of Volt Typhoon, a prolific hacker collective, marked a turning point in the DOJ's offensive against cyber crime syndicates. The group was notorious for its brazen cryptocurrency scams and heists. Through coordinated global law enforcement efforts, individuals linked to the organization were apprehended, assets were frozen and critical infrastructure was seized. The success of the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today