Largescale malicious software attacks that block computer access until a ransom is paid are on the rise.
Globally, the phenomenon cost $20 billion in 2021, but it is expected to grow to $71.5 billion in just three years, according to senior White House administration officials.
“Ransomware is an issue that knows no borders. You have attackers in a set of countries using infrastructure in another set of countries targeting victims, hospitals, schools, companies and governments around the world,” Deputy National Security Advisor Anne Neuberger said during a press briefing on Monday, days before the National Security Council convenes its third International Counter Ransomware Initiative Summit. “As long as there’s money flowing to ransomware criminals, this will continue to grow.”
As the world’s largest economy, the United States is the largest target for ransomware attacks, accounting for 46% of incidents. Recent attacks include a ransomware hack on Clorox in August that disrupted production and caused shortages of things like bleach and salad dressing, as well as a $1 million ransom demand on Minneapolis Public Schools in February that the district did not pay, leading to 30,000 students’ personal information being published on the dark web.
Globally, there have been attacks on major supermarket chains in Kenya and the United Kingdom’s national healthcare system.
Shortly after the UK healthcare attack, the Biden Administration first formed the Counter Ransomware Initiative, or CRI, in 2021 as a way to rally allies to counter the global ransomware threat. What started with 30 countries and the European Union has seen the addition of 13 additional countries and INTERPOL in just the last year. A mix of small countries such as Lithuania and Uruguay as well as larger, developed countries including South Korea, Japan and Canada, it is believed to be the largest cyber partnership in the world.
“There’s broad international participation because it’s such a broad problem,” a senior administration official said. “The way we designed CRI, we intentionally wanted to give a role for the most diverse set of countries possible” to jointly build “disruption efforts” and resilience.
Leaders from 48 countries, the European Union and INTERPOL will attend Friday’s meeting to collaborate on ways to combat the growth of ransomware, as well as disrupt and defend against malicious cyber actors. The third gathering of CRI partners, it will focus on a new mentorship program for existing members to train new ones, a project that leverages artificial intelligence to help identify illicit funds flowing to ransomware operations and an information-sharing platform that will allow CRI members to quickly share threats.
The CRI is currently working on a joint policy statement declaring its member governments will not pay ransoms.
“Paying a ransom not only encourages ongoing ransomware attacks, it also is not necessarily the fastest way to recover,” a senior administration official said, adding that companies with good offline backups are able to recover more quickly than those that paid a ransom.
During this Friday’s summit, the CRI will pledge to create and share what it calls a blacklist of wallets that are moving illicit funds through the cryptocurrency ecosystem. That list will be used to alert the entities that enable them so they can block or freeze transactions.