International Counter Ransomware Initiative (CRI)

Summary

The International Counter Ransomware Initiative (CRI), established in 2021 by the United States, is the world’s largest international cyber partnership. With 68 global members, CRI strengthens resilience against ransomware, disrupts criminal ecosystems, and fosters collaboration through shared intelligence, policy innovation, and capacity-building efforts to protect critical sectors and global communities from this pervasive cyber threat.

Details

Aim
The CRI aims to combat ransomware by fostering international cooperation, strengthening resilience, disrupting ransomware ecosystems, and designing actionable policies to protect critical sectors and global communities from cyber threats.

Context
Established by the United States in 2021, the CRI was created to address the global impact of ransomware, a rising cyber threat that targets essential sectors like healthcare, education, and business. Recognizing no single entity can combat ransomware alone, the CRI leverages international partnerships to counter this pervasive issue effectively.

Outcomes
The initiative enhances global cybersecurity by increasing ransomware attack resilience, denying safe havens to malicious actors, supporting members during attacks, and fostering public-private collaborations to develop practical countermeasures. Through these efforts, critical infrastructure and everyday digital operations are better protected worldwide.

• Strengthened information-sharing platforms and international partnerships.
• Creation of best practices and playbooks to address ransomware threats.
• Regional events and exercises to improve response protocols.
• Capacity-building initiatives to enhance members’ cybersecurity skills and resources.

Outputs

• The International Counter Ransomware Task Force (ICRTF)  – January 2023.
  • ICRTF brings together policy, law enforcement and operational agencies from around the world with a shared desire to defend against and disrupt ransomware while building resilience against malicious cyber actors.
  • The ICRTF supports ongoing counter-ransomware operations undertaken by members both individually or cooperatively. Members of the ICRTF facilitate projects according to the key themes of information sharing, resilience, disruption and capacity building. This is done by translating research and policy discussions into cross-sectoral tools, building cyber threat intelligence exchanges and developing collective best practice guidance for countering ransomware.
  • The ICRTF presents a great opportunity for members to enhance and bolster their international cooperation on countering ransomware by complementing their own national efforts. Additionally, it connects CRI government agencies with industry for defensive and disruptive activities.

Activities

• Conducting ransomware-focused exercises and tabletop scenarios to identify vulnerabilities.
• Facilitating policy dialogues and collaboration among member countries and private sector entities.
• Launching AI-driven tools and research projects to enhance threat detection and response.
• Developing global guidelines for cyber insurance and reporting mechanisms during ransomware incidents.