More than 30 countries outline efforts to stop ransomware after White House virtual summit

The countries agreed ransomware is an "escalating global security threat with serious economic and security consequences."

The countries involved in the two-day ransomware summit led by the US have released a joint statement pledging to make systems more resilient against attack and outlining measures that will be taken to disrupt the criminal groups involved.  

The summit included representatives from the US, Australia, Brazil, Bulgaria, Canada, Czech Republic, the Dominican Republic, Estonia, European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, South Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, UAE, and the United Kingdom.

All of the countries agreed that ransomware is an "escalating global security threat with serious economic and security consequences." The countries reiterated that ransomware requires a "shared response" because of how complex and global the issue is. 

"Efforts will include improving network resilience to prevent incidents when possible and respond effectively when incidents do occur; addressing the abuse of financial mechanisms to launder ransom payments or conduct other activities that make ransomware profitable; and disrupting the ransomware ecosystem via law enforcement collaboration to investigate and prosecute ransomware actors, addressing safe havens for ransomware criminals, and continued diplomatic engagement," the statement said.

The countries pledged to make systems more resilient through policy measures, more resources, clear governance structures, well-rehearsed incident response procedures, trained workers, and private sector partnerships. 

They urged organizations to maintain offline data backups, require timely patches, and use MFA as well as stronger passwords. 

Nations should also "consider" frameworks that promote information sharing between ransomware victims and local cyber emergency response teams. 

The statement mentioned other ways to limit the effectiveness of ransomware gangs, including the disruption of payment networks. Through international cooperation, the countries said they planned to "inhibit, trace, and interdict ransomware payment flows, consistent with national laws and regulations."

"Taking action to disrupt the ransomware business model requires concerted efforts to address illicit finance risks posed by all value transfer systems, including virtual assets, the primary instrument criminals use for ransomware payments and subsequent money laundering," the statement said. 

"We acknowledge that uneven global implementation of the standards of the Financial Action Task Force (FATF) to virtual assets and virtual asset service providers (VASPs) creates an environment permissive to jurisdictional arbitrage by malicious actors seeking platforms to move illicit proceeds without being subject to appropriate anti-money laundering (AML) and other obligations." 

Law enforcement entities and "financial intelligence units" will be deployed to help disrupt the ransomware business model, according to the statement. 

The countries pledged to work together to "counter cybercriminal activity emanating from within our own territory and impress urgency on others to do the same in order to eliminate safe havens for the operators who conduct such disruptive and destabilizing operations." 

"We intend to cooperate with each other and with other international partners to enhance the exchange of information and provide requested assistance where able to combat ransomware activity leveraging infrastructure and financial institutions within our territories. We will consider all national tools available in taking action against those responsible for ransomware operations threatening critical infrastructure and public safety," the countries agreed. 

Diplomatic efforts were also cited as a way countries can work to disrupt ransomware groups operating in certain regions. 

The statement said diplomacy can "serve as a force multiplier" for countries that lack the capacity to address cybercrime. 

The Counter Ransomware Initiative meeting, held on October 13 and 14, drew headlines this week for who wasn't involved, namely Russia.

Russia, North Korea, and other countries have been accused of harboring -- and in some cases actively helping -- ransomware gangs conducting attacks on organizations across the globe. 

But when asked about Russia not being involved in the summit, the US said it already communicates directly with the country through the US-Kremlin Experts Group established this year by US President Joe Biden and Russian President Vladimir Putin.

Darktrace director of strategic threat Marcus Fowler said the summit was important because even countries with relatively low cyberattack rates need to understand that their economies are vulnerable because of their dependence on fragile supply chains.

"Ransomware actors are well aware of this; governments need to be too. With any political gathering, the proof is in the commitments and actions that come after. Whether this is a more formal UN resolution or increased scrutiny around cryptocurrency exchanges, combatting ransomware requires a transnational approach and strategy," Fowler said. 

"Biden's warnings and the recent crypto sanctions are solid steps in deterring attacks, especially on our most critical infrastructure -- but they will not stop determined, sophisticated hackers from getting in. But accepting that attacks will get in is not accepting failure. As Chris Inglis said in this week's CISA summit, 'We want to create the situation where an adversary needs to beat all of us to beat one of us.'"