The White House on Nov. 1 wrapped up its two-day International Counter Ransomware Initiative (CRI) Summit that produced a lengthy list of goals for participant countries to shoot for in curbing ransomware attacks.
At the top of that list, the 36 nation-state members of the CRI agreed that they will put together an international task force to combat ransomware that. The task force will be led by Australia, and called the International Counter Ransomware Task Force (ICRTF).
“ICRTF members will commit to contribute to joint work of the coalition through information and capability sharing, as well as joint action in the fields of resilience, disruption, and countering illicit finance,” stated the White House fact sheet.
CRI members will be working on numerous other or the coming year, including:
- Creating a fusion cell at the Regional Cyber Defense Centre (RCDC) in Kaunas, Lithuania, to test a scaled version of the ICRTF and operationalize ransomware-related threat information sharing commitments;
- Delivering an investigator’s toolkit, including lessons learned and strategies for responding to significant ransomware events;
- Instituting active and enduring private-sector engagement based on trusted information sharing and coordinated action to improve joint work towards operational disruption;
- Publishing joint advisories outlining tactics, techniques, and procedures (TTPs) for key identified actors;
- Coordinating priority targets through a single framework;
- Developing a capacity-building tool to help countries utilize public-private partnerships to combat ransomware;
- Undertaking biannual counter ransomware exercises to further develop, strengthen, and integrate our collective approach to combatting ransomware from resilience to deterrence;
- Holding a second counter-illicit finance ransomware workshop led by the U.S. Treasury Department;
- Taking joint steps to stop ransomware actors from being able to use the cryptocurrency ecosystem;
- Actively sharing information between the public and private sectors;
- Pursuing the development of aligned frameworks and guidelines to prevent and respond to ransomware;
- Addressing ransomware across appropriate multilateral formats to establish broader-based practices, actions, and norms around countering ransomware activity and responses; and
- Coordinating cyber capacity building programs strategically to strengthen resilience, disruption capabilities, legal frameworks, and law enforcement capacity to combat ransomware other countries.
One of the primary themes in a public session of the meetings was the need for cooperation by not only international partners, but also the need for private and public entities to collaborate on ransomware challenges.
Jake Sullivan, national security advisor to President Biden, in his closing remarks reiterated the need for more cooperation between private and public organizations.
“I was also pleased to see that you’ve integrated for the first time the private sector and private companies from across the world into these CRI conversations, because you know as well all know – sometimes to our benefit, sometimes to our detriment, hopefully more and more to our benefit – private firms and companies often have the key information before we have it as governments – so we need to work together,” stated Sullivan.
The push for more robust protections against ransomware attacks come as a new analysis report from the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) shows that many ransomware attacks are connected with Russian interests.