Countries agree to 'immediate action' on ransomware, but release few details

Government representatives from 30 countries, including Canada, have agreed to recognize ransomware as a growing global security threat with serious economic and security consequences and have committed themselves to "immediate action".

In a joint statement issued on Thursday after the two-day meeting, the countries resolved to establish "shared priorities, and complementary efforts to reduce the risk of ransomware".

“Efforts will include improving network resilience to prevent incidents when possible, and respond effectively when incidents occur; conduct ransom payments or other activities to address abuses of the financial system that could lead to ransomware.” profitable." and disrupt the ransomware ecosystem through law enforcement cooperation to investigate and prosecute ransomware criminals, address safe havens for ransomware criminals, and continue diplomatic engagement, the joint statement said.

However, the statement did not specify how the countries would function.

On the possibility of throttling the way crooks get money from ransomware, including non-traceable cryptocurrency payments, countries said they are looking to enhance existing efforts to disrupt the ransomware business model and related money-laundering activities. are dedicated to. Including ensuring their national anti-money. The Laundering Framework works effectively.

“We will enhance the capacity of our national authorities, including regulators, financial intelligence units and law enforcement, to act, supervise, investigate and act against the exploitation of virtual assets with appropriate protections for privacy and based on specific actions. But may vary. On domestic contexts. We will also explore ways to collaborate with the virtual asset industry to enhance the exchange of ransomware-related information."

It was signed by Australia, Brazil, Bulgaria, Canada, Czech Republic, Dominican Republic, Estonia, European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, Netherlands, New Zealand. Nigeria, Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, United Arab Emirates, United Kingdom and United States of America.

Public Safety Canada was asked for a statement on the situation in this country during a meeting on Wednesday. A department spokesperson sent ITWorldCanada.com to the Twitter feed of Public Safety Minister Bill Blair and the Canadian government's press release site. As of press time on Thursday, Blair had not made a statement on any of the sites at the ransomware meeting.

According to Christian Leprecht, a professor at Queen's University and senior fellow in security and defense at the Macdonald Laurier Institute, this should not be surprising, as the newly-elected government has still not been sworn in.

In general he saw merit in the joint statement. This included nations from multiple geographic regions, he pointed out in an interview, such as Brazil. "In many ways it can be read as a broad front against Russia ... with respect to the non-state actors that Russia tolerates."

He said the US has tremendous legal and cyber resources to fight cybercrime, which dwarfs most other countries. “The fact that the allies are signing this is important. It shows that all these countries are now partnering with the US on continued engagement, demonstrating that they are engaged on many such fronts. But are ready to back down in a way that includes not only the cyber domain, but also diplomacy, information sharing and law enforcement.

The US set the strategy, he said, and others have signed off on it. One question is whether the new Liberal government will devote significant resources to supporting the joint statement.

on preventing cyber crime

The countries agreed to work together through police, national security authorities, cyber security agencies and financial intelligence units to humiliate and hold criminal operators of ransomware accountable.

"Together, we must take appropriate steps to combat cybercriminal activity in our region and others by eliminating safe havens for operators operating such disruptive and destabilizing operations," the joint statement said. could." To do this, action should also be taken with immediate effect."

"We will consider all national means available to take action against those responsible for ransomware operations that endanger critical infrastructure and public safety."

on network flexibility

The countries agreed that a number of universal cybersecurity best practices implemented by organizations can dramatically reduce the likelihood of a ransomware occurrence and reduce the risk from many other cyber threats.

These basic steps include maintaining offline data backup, use of strong passwords and multi-factor authentication, ensuring software patches are up to date, and educating computer usage against clicking suspicious links or opening untrusted documents.

“We are committed to working closely with the private sector to promote improvements in basic cyber hygiene to promote network resilience and reduce risk.

ransomware. Nations should also consider appropriate steps to promote incident information sharing with protection of privacy and human rights between ransomware victims and relevant law enforcement and cyber emergency response teams (CERTs). Such participation enables the investigation and prosecution of cybercrime and facilitates wider distribution of cyber threat mitigation measures."

The countries agreed to share lessons learned and best practices for creating policies to prevent ransom payments. He also vowed to work with the private sector

To promote the sharing of event information and explore other opportunities for the collective

risk trading.

“Furthermore, we note that resilience efforts are most effective when accountable senior leaders have the ability to direct resources, balance related trade-offs, and drive results.

Actively involved in cyber security decision making."

On using the diplomatic lever

The countries agreed to try to promote rules-based behavior and encourage states to take appropriate steps to address ransomware operations in their countries. “We will leverage diplomacy through coordinating actions in responding to states whenever they do not address the activities of cybercriminals. Such cooperation would be a critical component in meaningfully reducing safe havens for ransomware actors. "

In an email, Brett Callow, a British Columbia-based threat analyst at Emsisoft, said there is no silver bullet to the ransomware problem. “The best way forward is for countries to join forces and use every mechanism at their disposal to kill threat actors where it is difficult for them to work, and reduce the incentive for them to work . And that's exactly what is happening now. Unfortunately, however, it can take a long time for efforts being made today to start having a noticeable effect, which means ransomware will probably continue to be a significant problem in the short to medium term.