The White House’s second International Counter Ransomware Initiative summit has concluded, and this year the 36-nation group has made clear it intends to crack down on how cryptocurrencies are used to finance ransomware operations.
Last year’s summit ended with far fewer actionable, concrete steps in this direction, concluding with a joint statement indicating “countering illicit finance” was a priority without stating in specific terms that the Countering Ransomware Initiative (CRI) was focused on cryptocurrencies. The tone is more direct and focused this time around.
The White House, which hosted the summit, said the CRI group planned to “take joint steps to stop ransomware actors from being able to use the cryptocurrency ecosystem.” The CRI said sharing information about known crypto wallets used for laundering ransom funds was one part of the new strategy.
The CRI group said its anti-crypto work will focus on “the development and implementation” standards to tackle “money laundering” and the “financing of terrorism”. This includes the ‘know your customer’ rules to mitigate misuse of crypto by cyber criminals.”
Other new commitments made during the summit include plans to hold another workshop on improving blockchain tracing and analytics to counter money laundering, developing an active information sharing platform between private and public entities, writing new international standards for preventing and responding to ransomware, and improving international agency cooperation “to strengthen resilience … and law enforcement capacity to combat ransomware [in] other countries.”
More than commitments
New commitments are great, but they are still plans as opposed to concrete action being taken by the CRI. Those were also detailed in the joint statement, with the group saying it planned to do a number of things between now and the next summit.
Included in that list is the establishment of an International Counter Ransomware Task Force (ICRTF) that will initially be chaired by Australia and work “to coordinate resilience, disruption, and counter illicit finance activities.”
The Lithuanian Regional Cyber Defense Center (RCDC) will also begin playing host to a new “fusion cell” that will be used to test a scale version of the ICRTF and operationalize ransomware threat info. The RCDC will publish semiannual reports on ransomware trends and serve as an information sharing hub “with a wide spectrum of stakeholders.”
Additionally, CRI members will work in the coming year to build a ransomware investigator’s toolkit that “will allow CRI partners to benefit” from prior incidents outside their borders, are committing to publishing joint advisories, will work to build “active and enduring” private/public sector ransomware engagement, agree to hold biannual counter ransomware exercises and help build a single ransomware framework used to coordinate priority targets and relay information to law enforcement groups to take action.
The Biden administration said that countering ransomware is a core part of its international cybersecurity agenda, and a scourge on businesses around the world. While the US has taken steps to fight ransomware, the administration said in the joint statement “it is a challenge that knows no borders.” ®