In an urgent response to the escalating menace of ransomware attacks, the White House is spearheading a concerted effort to rally international cooperation against this growing cyber threat.
These malicious software attacks, which demand a ransom for the restoration of computer access, have seen a sharp increase in recent years, prompting concerns of a global crisis. In 2021, ransomware incidents incurred an estimated cost of $20 billion, with projections indicating that this figure is set to skyrocket to a staggering $71.5 billion within the next three years, as revealed by senior White House administration officials.
The international scope of the ransomware problem has spurred the call for collective action. Deputy National Security Advisor Anne Neuberger emphasized this point during a press briefing, noting that ransomware knows no borders. She highlighted the issue of attackers operating in one set of countries, using infrastructure located in another set of countries, to target victims including hospitals, schools, companies, and governments across the world. She stressed that as long as money continues to flow to ransomware criminals, the problem will persist.
The United States, being the world’s largest economy, finds itself the primary target for ransomware attacks, accounting for 46% of all incidents. Recent attacks have included a ransomware breach on Clorox in August, which disrupted production and resulted in shortages of products like bleach and salad dressing. Additionally, a demand for a $1 million ransom was made on Minneapolis Public Schools in February, which the district wisely refused to pay, ultimately leading to the publication of 30,000 students’ personal information on the dark web.
Ransomware attacks have not been limited to the United States, as evidenced by major incidents involving supermarket chains in Kenya and the United Kingdom’s national healthcare system.
In response to the UK healthcare attack, the Biden Administration initiated the Counter Ransomware Initiative (CRI) in 2021, uniting allies in a joint effort to combat the global ransomware threat. What began with 30 countries and the European Union has rapidly expanded to include 13 additional countries and INTERPOL over the past year, making it arguably the largest international cyber partnership in the world.
A senior administration official emphasized the widespread international participation in the CRI, reflecting the broad scope of the problem. The initiative was intentionally designed to involve a diverse set of countries, enabling them to collaboratively build “disruption efforts” and bolster their resilience.
Leaders from 48 countries, the European Union, and INTERPOL are set to convene in the third International Counter Ransomware Initiative Summit, where they will explore strategies to combat the proliferation of ransomware attacks and defend against malicious cyber actors. The meeting will focus on the introduction of a mentorship program for existing CRI members to train new participants, a project harnessing artificial intelligence to identify illicit funds funneled into ransomware operations, and an information-sharing platform to expedite threat sharing among CRI members.
Of paramount importance, the CRI is actively working on a joint policy statement to declare that its member governments will no longer pay ransoms. This stance is grounded in the understanding that paying ransoms not only encourages further ransomware attacks but is also often an ineffective way to expedite recovery. Companies with robust offline backups have proven to recover more swiftly than those that acquiesce to ransom demands.
During the upcoming summit, the CRI will commit to creating and sharing a “blacklist” of cryptocurrency wallets involved in moving illicit funds, empowering entities to block or freeze transactions associated with these wallets. This cooperative endeavor marks a significant step toward combating the global ransomware threat and protecting the interests of nations and individuals against this evolving cyber menace.