Ransomware talks. Over Monday and Tuesday, the White House brought together 37 countries, as well as the European Union, at the second Counter Ransomware Initiative Summit. Nations and 13 private sector partners discussed and developed strategies to actively cooperate on countering ransomware around the globe.
- In 2021 ransomware attacks amounted to 10% of all breaches (doubling in frequency from 2020). Roughly 37% of global organizations said they were victims of some form of ransomware attack in 2021.
- The latest Treasury Department analysis showed that Russian-related ransomware variants were used in three-quarters of all reported attacks in the second half of 2021.
Stronger together. The Summit was about “taking concrete actions with our international partners to protect our citizens and businesses from cyber criminals,” noted the White House. CRI members (which include Australia, the United Arab Emirates, Israel and Ukraine beyond the US, European nations and private sector companies) have committed, among other things, to:
- address ransomware “across appropriate multilateral formats to establish broader based practices, actions, and norms around countering ransomware activity and responses;”
- and “coordinate our cyber capacity building programs strategically to strengthen resilience, disruption capabilities, legal frameworks, and law enforcement capacity to combat ransomware in other countries.”
Italy was there too, represented by the director of the National Cybersecurity Agency, Roberto Baldoni. On LinkedIn, the NCA explained the meeting was aimed at “fostering the adoption of cybersecurity technology standards, promoting protection and response to cyber attacks against critical infrastructure, developing a national cybersecurity workforce, increasing NATO’s cyber resilience,” and “building an operational network to prevent the scourge of ransomware.”
- For its part, the NCA intends to establish operational communication channels for efficient information exchange with the most advanced nations – a “formidable tool for increasing a nation’s cybersecurity.”
The Italian case study. The city of Palermo suffered a brutal ransomware attack in June, which ended up disrupting its digital services and impacting 1.3 million citizens, as well as tourists. The Vice Society ransomware group claimed that attack.
- Microsoft Security Threat Intelligence indicated the ransomware group (which it tracks as DEV-0832) has been swapping between BlackCat, QuantumLocker, Zeppelin, and a homegrown variant of the Zeppelin ransomware.
A “borderless problem.” The Palermo incident was cited during a background call on Sunday, which set the stage for the two-day CRI Summit. Public services are increasingly in the cybercriminals’ crosshairs. Education, central and local government, energy infrastructure and healthcare are all in Sophos’ top ten list of ransomware targets by industry.
- “We’re seeing the pace and the sophistication of the ransomware attacks increasing faster than our resilience and disruption efforts,” said a senior White House official, who noted there’s been “a lot of progress” on disrupting the activities of cybergangs. “But we really want to redouble our work, deepen the partnership — because […] it’s a borderless problem, so fundamentally no one country can take it on alone — and put in ways to systemize information sharing.”
The importance of cooperation. “We know that we are advancing into […] uncharted waters, but we are confident that we can effectively face the challenge of ransomware if we join forces in a concrete way,” said the NCA’s Director for International Affairs Massimo Ambrosetti, who also noted that such timely conferences “have reinforced our awareness that change cannot be postponed in our approach to counter this set of destabilizing and criminal activities.”
- As first reported by our sister website, Formiche.net, next week Rome will be the stage for the NATO Cyber Defence Pledge Conference 2022, an event co-hosted by Italy and the US. That will be a further occasion for allied States to coordinate and discuss how to enhance cooperation and cyber resilience.
Image: National Cybersecurity Agency LinkedIn page