The White House held the third annual Counter Ransomware Initiative (CRI), convening 50 entities – 48 countries, the European Union, and Interpol – to discuss combating ransomware. During this year’s summit, members were focused on: 

  1. Developing capabilities to disrupt attackers and their infrastructure
  2. Improving cybersecurity through information-sharing and
  3. Fighting back against ransomware actors.

Out of the summit, there were a few notable deliverables. The first being that nearly all of the governments signed a pledge against paying ransoms to hackers. As the first-ever collective statement of this kind, it signaled a powerful unified front denying cybercriminals the incentives they seek to persist and profit from their attacks. 

Albeit inspiring, officials have publicly noted that the pledge is not binding, raising questions on the effectiveness of the commitment. With the way that the agreement is written, it doesn’t lead to a ban, includes carve-outs for emergencies and still gives governments room to decide on a case-by-case basis whether a ransom payment is warranted. 

Additionally, the U.S. Department of the Treasury published a "blacklist" containing details on cryptocurrency wallets implicated in previous ransom transfers. The idea behind this is to use artificial intelligence to analyze blockchains, potentially halting transactions originating from flagged wallets. 

Finally, the CRI also led to additional information sharing capabilities by Lithuania, Israel and the United Arab Emirates that will enable member countries to quickly exchange news of threat indicators. 

There is no doubt that ransomware is a cross-border, transnational threat that demands international collaboration. As the coalition of countries work to expand their influence, potential projects in the future may include formalizing CRI processes by determining governance frameworks, exploring how partnerships with the cyber insurance industry can help in countering ransomware, and how countries should work together with AI and other emerging technologies. To learn more about this year’s summit and its outcomes, click here. 

Tanvi Chopra

Read Next

Progress Report: National Cyber Workforce and Education Strategy

The Office of the National Cyber Director released an Initial Stages of Implementation report on the National Cyber Workforce and Education Strategy showing progress made thus far.

Chevron Pattern Disrupted: The Impact on Cybersecurity Regulations

The Supreme Court struck down a long-standing precedent on the power of federal agencies to interpret and clarify the laws they enforce. The ruling will likely have a sweeping effect on regulations, including cybersecurity rules, in every sector.

EU Cyber Policy with Despina Spanou (DCP S2 E5)

In our latest Distilling Cyber Policy podcast, our hosts are joined by Despina Spanou, the Head of the Cabinet of the Vice-President of the European Commission. In her role, Despina oversees the EUs policies on security, migration, and other topics.