International Counter Ransomware Initiative 2023 Joint Statement

The 50 members of the International Counter Ransomware Initiative (CRI) – Albania, Australia, Austria, Belgium, Brazil, Bulgaria, Canada, Colombia, Costa Rica, Croatia, Czech Republic, Dominican Republic, Egypt, Estonia, European Union, France, Germany, Greece, India, INTERPOL, Ireland, Israel, Italy, Japan, Jordan, Kenya, Lithuania, Mexico, Netherlands, New Zealand, Nigeria, Norway, Papua New Guinea, Poland, Portugal, Republic of Korea, Romania Rwanda , Sierra Leone, Singapore, Slovakia, South Africa, Spain, Sweden, Switzerland, Ukraine, United Arab Emirates, United Kingdom, United States and Uruguay – met in Washington, DC on October 31 – November 1, 2023 for the third meeting of the CRI. Previously participating states welcomed Albania, Colombia, Costa Rica, Egypt, Greece, INTERPOL, Jordan, Papua New Guinea, Portugal, Rwanda, Sierra Leone, Slovakia and Uruguay as new CRI members.

At the third CRI meeting, members reaffirmed our shared commitment to build our collective resilience to ransomware, work together to undermine the viability of ransomware and prosecute the actors responsible, counter illicit financing underlying the ransomware ecosystem, working with the private sector to defend against ransomware attacks, and continuing to collaborate internationally on all elements of the ransomware threat.

Over the past year, this group of countries and organizations has grown and built on the commitments made at the second meeting of the CRI in 2022. By unveiling operational tools, the International Counter Ransomware Task Force (ICRTF), established at the meeting last year, began developing platforms for coordinating and disrupting ransomware at the operational level. By adding thirteen new members to the coalition, the Diplomacy and Capacity Building Pillar expanded the CRI’s like-minded umbrella and integrated capacity building efforts across all CRI pillars and working groups. The policy pillar led to efforts to counter the business model underlying the ransomware ecosystem. This included research into cyber insurance, victim behavior, seizure and seizure of virtual assets, ransom payments, and best practices in incident reporting and information sharing. Throughout the year, the coalition has sought to engage the private sector and integrate capacity building at every opportunity.

We remain committed to using all appropriate instruments of national power to achieve these goals and are jointly committed to the following actions in support of this mission.

Key CRI results for 2023

This year’s CRI meeting focuses on developing capabilities to disrupt attackers and the infrastructure they use to carry out their attacks, improving cybersecurity through information sharing, And fight back against ransomware actors.

Develop capabilities

• Leading one mentorship and tactical training program for new CRI members to build their cyber capacity, including Israel as a mentor to Jordan;
• Launch a project to deploy artificial intelligence to combat ransomware;

Sharing information

• Launch innovatively sharing information platforms enable CRI member states to quickly share threat indicators, including the Lithuanian Malware Information Sharing Project (MISP) and Israel and the UAE’s Crystal Ball platforms;
• Building the CRI website, maintained by Australia, including a forum where members can ask for help of CRI members;
• Encouraging reporting of ransomware incidents to relevant government authorities; And
• Sharing useful information with CRI members.

Fight back

• Developing the very first joint CRI policy rack explain that Member State governments should not pay ransoms;
• Creating one shared wallet blacklist through the U.S. Treasury Department’s commitment to share data on illicit wallets used by ransomware actors with all CRI members;
• Commit to it assist each CRI member with incident response if their government or lifeline sector is hit by a ransomware attack.

The CRI offers the opportunity to create long-term collaborative approaches and common understandings of accountability in cyberspace, in accordance with international law and state actions as embodied in the Framework for Responsible State Behavior in Cyberspace, adopted by all United Nations Member States endorsed.

Through the policy pillar, CRI members affirmed the importance of strong and aligned messaging that discourages ransomware demand and sets a good example. CRI members endorsed a statement that relevant institutions under our national government authority should not pay ransomware extortion demands. CRI members plan to implement Financial Action Task Force (FATF) Recommendation 15 on the regulation of virtual assets and related service providers, which would help curb the illicit flow of funds and disrupt the ransomware payment ecosystem. CRI members also affirmed the importance of encouraging reporting of ransomware incidents within their own jurisdictions, and sharing meaningful information to strengthen our collective efforts to disrupt ransomware actors. The Policy Pillar also explored the central role of the cyber insurance industry in tackling ransomware, pledging to increase engagement with the industry and research the importance of developing effective crypto asset seizure regimes.

In the coming year, the Diplomacy and Capacity Building pillar will continue to expand the CRI’s mentorship and onboarding program. The Pillar will prioritize opportunities to inform potential new members about the initiative, and will develop tailored capacity building opportunities to meet the needs and requests of members and potential new members.

Going forward, the ICRTF will build on the successes of its first year by operationalizing the tools and platforms developed by its members. Members will work to gain a comprehensive understanding of the ransomware threat by sharing information and exchanging knowledge through virtual seminars and labs. Members plan to create and share resources to build their national capacity to combat ransomware, working closely with the other pillars to develop practical tools for governments to prevent, respond and respond to ransomware attacks recover from it, enhance the cyber capabilities of the existing CRI membership, and advocate for new membership for the countries that will benefit most from what the CRI has to offer. The ICRTF will also continue to support transnational operations of its members and work with industry to target disruptive activities on key components of the ransomware ecosystem, recognizing that ransomware is a cross-border and cross-sector threat that requires close cooperation between governments and sectors required. combat effectively.

The third meeting of the CRI used the expertise of like-minded partners, private sector participants and capacity building experts to further shape the cyber environment so that members are better equipped to combat ransomware. Members from around the world reaffirmed our shared commitment to building our toolkit for collective resilience against ransomware, working together to disrupt ransomware, and working together to curb the illicit flow of funds on which ransomware actors depend. We are building capacity through long-term collaboration and refining our understanding of accountability in cyberspace, moving us one step closer to rooting out criminal actors and responding with collective resolve. Members express their gratitude to the countries that have taken a leading role in the CRI: the United States as Secretariat; Australia as leader of the ICRTF; Singapore and the United Kingdom as a leading policy pillar; and Germany and Nigeria as a pillar for diplomacy and capacity building. Through the Initiative’s annual meeting and the dedicated work that takes place between each meeting, we commit to working together at the policy and operational levels to counter ransomware threats and hold the perpetrators of these vicious attacks accountable.

###