The 68 members of the International Counter Ransomware Initiative (CRI)-Albania, Argentina, Australia, Austria, Bahrain, Belgium, Brazil, Bulgaria, Cameroon, Canada, Chad, Colombia, Costa Rica, the Council of Europe, Croatia, the Czech Republic, Denmark, the Dominican Republic, the ECOWAS Commission, Egypt, Estonia, the European Union, Finland, France, Germany, Greece, the Global Forum on Cyber Expertise, Hungary, India, INTERPOL, Ireland, Israel, Italy, Japan, Jordan, Kenya, Lithuania, Mexico, Morocco, the Netherlands, New Zealand, Nigeria, Norway, the Organization of American States, Papua New Guinea, the Philippines, Poland, Portugal, the Republic of Korea, the Republic of Moldova, Romania, Rwanda, Sierra Leone, Singapore, Slovakia, Slovenia, South Africa, Spain, Sri Lanka, Sweden, Switzerland, Ukraine, the United Arab Emirates, the United Kingdom, the United States, Uruguay, Vanuatu, and Vietnam-met in Washington, D.C. from September 30 – October 3, 2024 for the Fourth CRI Gathering. Previously participating members welcomed Argentina, Bahrain, Cameroon, Chad, the Council of Europe, Denmark, the ECOWAS Commission, Finland, the Global Forum on Cyber Expertise, Hungary, Morocco, the Organization of American States, the Philippines, the Republic of Moldova, Slovenia, Sri Lanka, Vanuatu, and Vietnam as new CRI members.
During the Fourth CRI Gathering, members reaffirmed our joint commitment to develop collective resilience to ransomware, support members if they are faced with a ransomware attack, pursue the actors responsible for ransomware attacks and not allow safe haven for these actors to operate within our jurisdictions, counter the use of virtual assets as part of the ransomware business model, partner with the private sector to advise and support CRI members, and forge international partnerships so we are collectively better equipped to counter the scourge of ransomware.
Over the past year, this coalition has grown and continues to build upon the commitments made at the Third CRI Gathering in 2023. The United States launched a new fund for CRI members to strengthen members' cybersecurity capabilities through both rapid assistance in the wake of a cyber attack, as well as targeted support to improve cybersecurity skills, policies, and response procedures.
The Policy Pillar, led by Singapore and the United Kingdom, spearheaded efforts to build resilience against ransomware attacks and leverage the ecosystem to disrupt the ransomware criminal industry. These efforts seek to undercut the business model that underpins the ransomware ecosystem by driving forward work on secure software and labeling, methods to counter the use of virtual assets as part of the ransomware business model, policies to reduce ransom payments, increase and improve reporting, cyber insurance, and a playbook to guide businesses on how to prepare for, deal with, and recover from a ransomware attack. Of note, CRI members and insurance bodies have endorsed guidance to help organizations experiencing a ransomware attack. The guidance underscores the important role cyber insurance can play in helping to build resilience to cyber attacks and highlights actions organizations should explore during an incident. In addition, the Pillar held a table-top-exercise to assist members in identifying gaps in their processes, learning best practices and supporting members develop effective responses to ransomware attacks on the healthcare sector.
The Diplomacy and Capacity Building Pillar, led by Germany and Nigeria, expanded the CRI's partnerships with the addition of 18 new members to the coalition and mapped out the capacity building assets and needs of members. To foster collaboration, forge new partnerships, and recruit new members into the Initiative, CRI members hosted regional events throughout the year.
Under the leadership of Australia and Lithuania, the ICRTF focused its work on building resilience against malicious cyber attacks through international cooperation. Lithuania and Australia, as ICRTF co-chairs, worked to develop governance for information sharing and increase onboarding of members to the information sharing platforms led by Lithuania and Belgium as well as Israel and UAE. These platforms will allow members to easily share threat information and indicators of compromise. In a project led by INTERPOL and Australia, a comparative report was produced analyzing Ransomware Interventions and Remediation in CRI members' jurisdictions. Australia launched a website and member portal so CRI members can easily share information and best practices, foster collaboration, and use as a mechanism to request assistance from the CRI community when experiencing a ransomware attack. The ICRTF co-chairs presented a statement for members to join that calls for responsible behavior in cyberspace and encourages members to hold malicious actors accountable and deny them safe haven using all of the cyber diplomacy and law enforcement tools at their disposal.
Canada established a new Public-Private Sector Advisory Panel to advise and support CRI members in combating ransomware. This advisory panel will catalyze effective information sharing, build trust through clear expectations and person to person collaboration, and develop best practices to navigate practical hurdles.
The Initiative also hosted its first-ever event dedicated to examining the use of AI to counter ransomware attacks. Topics of discussion included the use of AI to track threat actor use, AI for Software Security, scenario planning around ransomware attacks on the healthcare industry, and tools such as watermarking to counter disinformation.
Through the Initiative's annual gathering as well as the dedicated work and regional meetings occurring between each meeting, we commit to working together at both a policy and operational level to counter ransomware threats and hold perpetrators of these malicious attacks accountable. CRI continues to call for responsible behavior in cyberspace and encourage members to call out malicious acts, and we remain committed to using all appropriate tools to achieve these goals, and are jointly committed to the following actions in support of this mission.
