According to a report by Chainalysis, a blockchain analysis company, ransomware payments reached nearly $600 million in 2021, up from $350 million in 20201.
To counter this growing challenge, the Biden-Harris Administration launched the International Counter-Ransomware Initiative (CRI) in July 2021, with the aim of enhancing international cooperation and coordination to disrupt and deter ransomware actors, increase the resilience of critical infrastructure and networks, and hold accountable those who facilitate ransomware payments2. The CRI consists of five working groups, each led by one or more countries, that focus on different aspects of the ransomware problem: resilience, disruption, counter illicit finance, public-private partnership, and diplomacy3.
The third annual CRI summit, which will take place in Washington, D.C., from November 1 to November 3, 2023, will bring together representatives from 40 countries and the European Union to review the progress made by the CRI and to commit to further actions to combat ransomware. One of the main outcomes of the summit will be a pledge signed by all participants to stop paying ransoms to cybercriminal groups, as well as to encourage other countries and entities to do the same4. This pledge is based on the recognition that paying ransoms only fuels the ransomware industry and incentivizes more attacks.
In addition to the pledge, the summit will also feature discussions on various strategies to block the funds used by ransomware groups to finance their operations, such as cryptocurrency regulation, sanctions, asset freezing, and law enforcement cooperation5. These strategies are intended to cut off the lifeline of ransomware actors and to increase the costs and risks of their activities.
The summit will also provide an opportunity for dialogue and collaboration among different stakeholders, including governments, private sector, civil society, and academia. The White House’s Deputy National Security Adviser for Cyber and Emerging Technology, Anne Neuberger, who is leading the U.S. delegation at the summit, said that addressing ransomware requires a whole-of-society approach and that the U.S. is committed to working with its partners to build a more secure and resilient cyberspace6.
The CRI summit is expected to be a milestone in the global fight against ransomware and to demonstrate the strong political will and collective action of the international community to tackle this common threat. By signing the pledge to stop paying ransoms and by implementing effective measures to block the funds of ransomware groups, the CRI hopes to reduce the profitability and attractiveness of ransomware as a criminal business model and to protect the security and prosperity of all nations.