Government representatives of 30 nations including Canada have agreed to recognize ransomware as an escalating global security threat with serious economic and security consequences and have committed themselves to “urgent action.”
“Efforts will include improving network resilience to prevent incidents when possible and respond effectively when incidents do occur; addressing the abuse of financial mechanisms to launder ransom payments or conduct other activities that make ransomware profitable; and disrupting the ransomware ecosystem via law enforcement collaboration to investigate and prosecute ransomware actors, addressing safe havens for ransomware criminals, and continued diplomatic engagement,” the joint statement said.
However, the statement doesn’t say precisely how the countries will act.
On the possibility of strangling the way crooks get money from ransomware, including through untraceable cryptocurrency payments, the countries said they are dedicated to enhancing existing efforts to disrupt the ransomware business model and associated money-laundering activities, including through ensuring their national anti-money laundering frameworks work effectively.
“We will enhance the capacity of our national authorities, to include regulators, financial intelligence units, and law enforcement to regulate, supervise, investigate, and take action against virtual asset exploitation with appropriate protections for privacy, and recognizing that specific actions may vary based on domestic contexts. We will also seek out ways to co-operate with the virtual asset industry to enhance ransomware-related information sharing.”
The joint statement was signed by Australia, Brazil, Bulgaria, Canada, Czech Republic, the Dominican Republic, Estonia, European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, the United Arab Emirates, the United Kingdom, and the United States.
Public Safety Canada was asked Wednesday for a statement on this country’s positions during the meeting. A department spokesperson referred ITWorldCanada.com to Public Safety Minister Bill Blair’s Twitter feed and the government of Canada’s press release site. As of press time Thursday, Blair had not made a statement on either site on the ransomware meeting.
That shouldn’t be surprising, according to Christian Leuprecht, a Queen’s University professor and senior fellow in security and defence at the Macdonald Laurier Institute, because the newly-elected government still hasn’t been sworn in.
Generally, he saw merit in the joint statement. It involved nations from many geographies, such as Brazil, he pointed out in an interview. “In many ways this can be read as a broad front pushing back against Russia … with regards to non-state actors that Russia tolerates.”
The U.S. has tremendous legal and cyber resources for fighting cybercrime that dwarf most other nations, he added. “The fact that allies are signing on to this is quite significant. It suggests all these countries now are partnering with the U.S. on persistent engagement by demonstrating they are prepared to push back on a host of fronts that don’t just involve the cyber domain, but also diplomacy, information sharing and law enforcement.”
America set the strategy, he said, and others have signed on to it. One question is whether the new Liberal government will devote significant resources to support the joint statement.
On disrupting cybercrime
The countries agreed to act to degrade and hold accountable ransomware criminal operators by collaborating through police, national security authorities, cybersecurity agencies, and financial intelligence units.
“Together, we must take appropriate steps to counter cybercriminal activity emanating from within our own territory and impress urgency on others to do the same in order to eliminate safe havens for the operators who conduct such disruptive and destabilizing operations,” the joint statement said.
“We will consider all national tools available in taking action against those responsible for ransomware operations threatening critical infrastructure and public safety.”
On network resilience
The countries agreed that several universal cybersecurity best practices implemented by organizations can dramatically reduce the likelihood of a ransomware incident and mitigate the risk from a host of other cyber threats.
These basic steps include maintaining offline data backups, use of strong passwords and multi-factor authentication, ensuring software patches are up to date, and educating computer users against clicking suspicious links or opening untrusted documents.
“We are committed to working together and with the private sector to promote improvements in basic cyber hygiene to boost network resilience and mitigate the risk of ransomware. Nations should also consider appropriate steps to promote incident information sharing between ransomware victims and relevant law enforcement and cyber emergency response teams (CERTs), with protection for privacy and human rights. Such sharing enables cybercrime investigations and prosecutions, and facilitates broad distribution of cyber threat mitigation steps.”
The countries agreed to share lessons learned and best practices for creating policies to crimp ransom payments. They also vowed to work with the private sector to promote incident information sharing and to explore other opportunities for collective buy-down of risk.
“Further, we note that resilience efforts are most effective when accountable senior leaders with the ability to direct resources, balance associated trade-offs, and drive outcomes are actively involved in cybersecurity decision-making.”
On using diplomatic levers
The countries agreed to try to promote rules-based behavior and encourage states to take reasonable steps to address ransomware operations in their nations. “We will leverage diplomacy through co-ordination of action in response to states whenever they do not address the activities of cybercriminals. Such collaboration will be a critical component to meaningfully reduce safe havens for ransomware actors.”
In an email, Brett Callow, British Columbia-based threat analyst for Emsisoft, said there is no silver bullet to the ransomware problem. “The best way forward is for countries to join forces and use every mechanism at their disposal to hit threat actors where it hurts, make it harder for them to operate, and to reduce the incentive for them to operate. And that’s exactly what’s now starting to happen. Unfortunately,
In an email, Greg Young, Canadian-based vice-president of cybersecurity at Trend Micro, said the private sector is doing all it can to shield against ransomware, but governments need to move to stop the attack groups who create and use it.
“This meeting is important for two reasons,” he said. “First, governments need to be more involved in reducing ransomware at its source, including the payments they receive. Second, ransomware is almost always cross-border with foreign-based attackers, so a multi-government international effort is even better. Companies and citizens can’t interrupt the cryptocurrency payment pipeline that ransomware groups rely on, nor pressure governments that aren’t cooperating in stopping attacker groups in their countries. I’m most interested in measures to track and interrupt payments, as this will have the greatest impact even for less cooperative host governments.”