The Global Threat of Ransomware Needs a Global Response

Showing no sign of slowing down, the threat of ransomware continues to pose an issue for private sector profitability, sensitive government systems, critical supply chains, and personal user data. Complicating this rise is the global nature of the threat due to the ease of universal access that the Internet provides for any system that connects to it. The United States is working to lead a global response, gathering almost fifty nations to D.C. for the annual Counter Ransomware Initiative Summit to discuss mitigation tactics and cooperation opportunities. The United States must continue to take the lead in the International Counter Ransomware Initiative (CRI) and promote effective solutions that stand a chance at denting the rate of successful ransomware attacks, while also protecting the integrity of virtual assets and blockchain technologies from government overreach.

The 2023 annual Counter Ransomware summit took place from October 31 to November 1. In its third iteration, the summit aims were to foster a “collective resilience to ransomware” and make ransomware operations untenable for threat actors. Currently, ransomware is very attractive due to the high payouts from victims that too often follow successful intrusions. Estimates are that the global cost of ransomware in 2021 was $20 billion and will rise to over $70 billion in 2026. Ransomware attacks against the United States have risen throughout 2023, a holding pattern that has made it the number one targeted nation even when adjusted for population.

One way the CRI is looking to stop this trend is getting member nations to pledge to not make ransom payments. However, only 40 of the 50 members have so far agreed to this measure. Additionally, the pledge only applies to non-emergency situations and if the victim is not a local government entity or part of the private sector. Still, the precedent set by national governments will have some downstream effect on the willingness of other parties to willingly take up the pledge themselves. The United States federal government has already shown that it can shift the country to increase its cybersecurity through government contracting. Setting a standard of not paying ransoms should be similarly effective.

Additional focuses of the 2023 summit were information sharing and improvement of capabilities to disrupt threat attackers. Information sharing is key to stopping active attacks from spreading and helps in conducting retrospectives for improving cyber defenses against similar tactics, techniques, and procedures used in the future. Information sharing tools such as Israel and the UAE’s Crystal Ball and India’s new Trident Resilience Platform will now be available for other CRI members to help share threat indicators. To help increase the defense capabilities of member nations, a mentorship and tactical training program was established to help new members get up to speed. Part of this capability building will include leveraging artificial intelligence (AI) to defend against ransomware attacks. If cyber threat actors are able to leverage AI to make their malware harder to detect and stop, then defenders will need to use it similarly to react quicker and more easily identify anomalies.

The CRI is also focusing on payments made through virtual assets such as crypto currency. To this end, the CRI will use the U.S. Department of Treasury to share blacklisted wallets so that illicit funds can be better tracked. It will also encourage adoption of anti-money laundering or “know your customer” regulations. While it is important that law enforcement have mechanisms to stop criminality and fraud, the result cannot be the undermining of anonymizing payment methods and technologies like crypto currencies and blockchain. Concerns that “war has been declared” on crypto by prominent Democrats and over-zealous regulators have been raised by industry leaders. The CRI should commit to respecting the valid utility of these technologies and the privacy they provide against government overreach.

The International Counter Ransomware Initiative contains promising solutions that will contribute towards limiting the profitability of these unrelenting cyber-attacks. The United States must continue to provide sound leadership for the group as it continues to be the number one targeted nation for these attacks. This position will allow the U.S. to wield its outsized influence to encourage other members to sign onto pledges that will help limit the effectiveness of ransomware. The U.S. must also hearken back to its original ideals of liberty and limit the infringement of new virtual payment technologies that allow for anonymization and enable privacy. Ransomware is a scourge on the United States that will not stop unless determined and consistent action is taken to disrupt it.