10/02/2024 | Press release | Distributed by Public on 10/02/2024 10:05
The Biden-Harris Administration remains committed to fostering international partnerships to disrupt the global scourge of ransomware. This week, the White House convened the International Counter Ransomware Initiative (CRI) for its fourth meeting in Washington, D.C. During the four-day event, the Initiative's nearly seventy members discussed methods to counter ransomware attacks in the healthcare industry, collaboration with cyber insurers and the private industry to reduce ransomware payments and increase incident reporting, the security of our critical infrastructure and Internet of Things (IoT), efforts to increase the capacity and incident response capabilities of members, and best practices to counter the flow of money through virtual assets that motivates ransomware actors.
This year, the Initiative welcomed 18 new members-Argentina, Bahrain, Cameroon, Chad, the Council of Europe, Denmark, the ECOWAS Commission, Finland, the Global Forum on Cyber Expertise, Hungary, Morocco, the Organization of American States, the Philippines, the Republic of Moldova, Slovenia, Sri Lanka, Vanuatu, and Vietnam-who participated in the gathering along withAlbania, Australia, Austria, Belgium, Brazil, Bulgaria, Canada, Colombia, Costa Rica, Croatia, the Czech Republic, the Dominican Republic, Egypt, Estonia, the European Union, France, Germany, Greece, India, INTERPOL, Ireland, Israel, Italy, Japan, Jordan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Norway, Papua New Guinea, Poland, Portugal, the Republic of Korea, Romania, Rwanda, Sierra Leone, Singapore, Slovakia, South Africa, Spain, Sweden, Switzerland, Ukraine, the United Arab Emirates, the United Kingdom, the United States, and Uruguay.
At the gathering, CRI members advanced the Initiative's commitments to resilience, cooperation, and disruption through the CRI's Policy Pillar, Diplomacy and Capacity Building Pillar, and the International Counter Ransomware Task Force (ICRTF). The Initiative launched a new Public-Private Sector Advisory Panel, led by Canada, establishing a trusted set of private sector partners for CRI members to rely on when faced with responding to ransomware attacks.
The CRI Policy Pillar
Under the leadership of Singapore and the United Kingdom, the Policy Pillar oversaw several projects focused on policy areas impacting ransomware. The Pillar developed policy guidance, with support from France, the Netherlands, and Kenya, to minimize the overall impact of a ransomware incident on an organization. France and the Netherlands led a project on cyber insurance, and facilitated a workshop for insurers to discuss how the insurance sector could support companies during a ransomware incident and increase their insurance accessibility. Under the auspices of the Pillar's workplan, Australia released an international 'Ransomware Playbook' providing guidance to businesses on how to prepare for, deal with, and recover from a ransomware or cyber extortion attack. Switzerland and the United States led an incident reporting project, sharing best practices on mandatory reporting, factors to consider during implementation, outlining key information to provide at the first instance of a ransomware attack. Albania led a project to enhance implementation of the Financial Action Task Force's (FATF) Recommendation 15 on the regulation of virtual assets and related services providers, which will help stem the illicit flow of funds and disrupt the ransomware payment ecosystem that fuel the ransomware industry. The US and UK completed a project on secure software and labeling principles, producing a report that summarizes the most common software vulnerabilities and misconfigurations that lead to ransomware attacks, and provided actions for software manufacturers to take to address them. The UK and Singapore also led a simulation exercise focused on enhancing members' policy and operational coordination during a ransomware attack in the healthcare sector.
In 2025, the Pillar plans to advance policies to reduce ransomware payments globally, enhance incident reporting frameworks, explore how partnerships with cyber insurance industry can assist in countering ransomware, and raise the overall cybersecurity posture against ransomware attacks through cybersecurity standards and best practices.
The CRI Diplomacy and Capacity Building Pillar
The Diplomacy and Capacity Building Pillar, led by Germany and Nigeria, expanded the CRI's reach by adding eighteen new members to the coalition and incorporating capacity building efforts throughout all CRI efforts. Among the Pillar's substantial contributions was a project taking stock of CRI members' capacity building assets and needs, continued support for the mentorship and onboarding program, and the promotion of the CRI to potential new members. Throughout the coming year, the Pillar will further elevate the initiatives' global profile and set out to leverage existing capacity building initiatives to provide opportunities to members and help bridge their capacity gaps.
The International Counter Ransomware Task Force (ICRTF)
ICRTF, led by Australia and Lithuania, developed an INTERPOL-led comparative report analyzing Ransomware Interventions and Remediation in CRI members' jurisdictions. Australia, in their role as ICRTF co-chair, launched a website and member portal for the CRI to share information and best practices between members as well as foster collaboration.
Advancing the Initiative through Action
Together, members of the CRI took bold new actions to further advance the initiative, including:
###