Representatives from 30 countries last week pledged to “fight” the dangers posed by the global ransomware threat.
Officials from the U.S., the European Union, and 28 other countries also pledged to “harden the financial system” from exploitation by the global ransomware ecosystem. The coalition declared ransomware an “escalating global security threat with serious economic and security consequences”.
The White House released a statement on its website describing the aims of the collective action. The collective group described the threat coming from:
“…operations against local health providers that endanger patient care, to those directed at businesses that limit their ability to provide fuel, groceries, or other goods to the public. Ransomware poses a significant risk to critical infrastructure, essential services, public safety, consumer protection and privacy, and economic prosperity”
–White House Statement
The collective statement was issued by ministers and representatives of Australia, Brazil, Bulgaria, Canada, Czech Republic, the Dominican Republic, Estonia, European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, the U.A.E, the U.K., and the U.S.
The move comes as Australia released its own approach to fighting ransomware through a new wave of government activity.
Countries unsurprisingly absent from the list were China and Russia. The West accuses these nations of actively supporting cyber threat actors and clandestine elements.
What ransomware fight is likely to entail
Key initiatives the coalition will focus on will include work to improve the collective baseline when it comes to ransomware protection at a social level.
Efforts will be directed to enhance network resilience by adopting cyber hygiene good practices in the small business sector and the broader public. Examples of this include using strong passwords, securing accounts with multi-factor authentication, maintaining periodic offline data backups, and more.
Fighting back against the financial dimension of ransomware threats
At a financial level, the initiative is marked by its focus on thwarting threat actors’ tactics when it comes to funds and money laundering.
The initiative aims to improve mechanisms to counter the abuse of financial infrastructure to launder ransom payments.
Illicit payments topped nearly $500 million globally in the last two years alone: $400 million in 2020 and $81 million in the first quarter of 2021.
Many of these payments are made possible by clandestine payment mechanisms. These almost always fall foul of anti-money laundering regulations. The networks that facilitate these payments are seldom held accountable. This will be another focus of the collective group of nations.
Cryptocurrency exchanges and operators in special focus
The action comes as international activity ramps up in this space more generally. In late September 2021, the U.S. Treasury Department imposed sanctions on Russian cryptocurrency exchange Suex for helping threat actors launder transactions.
This was the first instance of such an action against a virtual currency exchange.
The U.S. government said at the time that “Treasury will continue to disrupt and hold accountable ransomware actors and their money laundering networks to reduce the incentive for cybercriminals to continue to conduct these attacks”.
The development also comes following an independent report published by the department’s Financial Crimes Enforcement Network (FinCEN). The report tied roughly $5.2 billion worth of Bitcoin transactions to 10 commonly reported ransomware variants.
This was in addition to identifying 177 unique wallet addresses used for ransomware-related payments. In the first half of 2021, ransomware financial activity extracted at least $590 million for threat actors.
The average total monthly suspicious amount of ransomware transactions has risen to $66.4 million as a result. The most commonly reported variants are REvil (aka Sodinokibi), Conti, DarkSide, Avaddon, and Phobos.
It remains to be seen how this newly announced group of nations fares, but ransomware groups will no doubt be wary, with many having already been nervous over the last few months.