In the war against ransomware, we appear to be losing.

Leading up to the recently concluded Second International Counter Ransomware Initiative Summit, a Biden Administration Official said, “So, we’re seeing the pace and the sophistication of the ransomware attacks increasing faster than our resilience and disruption efforts”.

This reality can be seen by the fact that U.S. financial institutions lost nearly $1.2 billion in costs due to ransomware attacks in 2021. This is an almost 200% increase over the previous year, according to data reported by banks to the U.S. Treasury Department.

Given the continued ransomware assault, the White House has outlined a response plan for 2023.

Second International Counter Ransomware Initiative

From October 31 to November 1, the White House convened 36 countries in addition to the E.U. for the Second International Counter Ransomware Initiative (CRI) Summit. During the Summit, the CRI and private sector partners discussed and developed cooperative security strategies. The goal was to deter the spread and impact of ransomware worldwide.

Throughout 2022, the CRI’s efforts against ransomware were carried out by the following working groups:

• Resilience (co-led by Lithuania and India)
• Disruption (led by Australia)
• Counter illicit finance (led by the U.K. and Singapore)
• Public-private partnership (led by Spain)
• Diplomacy (led by Germany).

This year’s Summit built upon the working groups’ past experience with new plans for 2023.

Counter Ransomware Initiative Plans for 2023

For next year, the CRI outlined multiple tactics to improve security against the ransomware threat. According to the White House, this will include priorities such as:

• Establishing an International Counter Ransomware Task Force (ICRTF). The ICRTF will coordinate resilience, disruption, countering illicit finance and information and capability sharing. Australia will lead this effort.
• Creating a fusion cell at the Regional Cyber Defense Centre (RCDC) in Kaunas, Lithuania. The cell will test a scaled version of the ICRTF and operationalize ransomware-related threat intelligence. The idea is to share technical information about ransomware (tools, tactics and procedures, or TTP) with a broad spectrum of stakeholders.
• Delivering an investigator’s toolkit. This includes insights and strategies about how to respond to significant ransomware threats. The toolkit will also focus on offensive measures to effectively disrupt threat operations. Subsequently, CRI partners will benefit from the breadth of expertise and technical capability generated by the working groups.
• Engage with the private sector. Trusted information sharing and coordinated action with the private sector will further improve responses to operational disruption.
• Publish joint advisories. These will outline TTPs for key identified actors. Joint public advisories will also offer warning and mitigation measures to the international community.
• Coordinate priority targets. In this case, a unified framework will focus on hard and complex targets. The goal is to create concrete disruption results with law enforcement groups.

Fighting the Ransomware Battle

As ransomware continues to inflict significant damage across the globe, the CRI seeks to improve collaboration and provide tools to help counter the threat. Ransomware protection solutions will continue to evolve to meet organizational needs worldwide.

To fortify your knowledge and defenses against ransomware, IBM Security has published the Definitive Guide to Ransomware 2022.

To schedule a no-cost consult with X-Force, click here.

If you are experiencing cybersecurity issues or an incident, contact X-Force to help: U.S. hotline 1-888-241-9812 | Global hotline (+001) 312-212-8034.