The CRI is the largest international cyber partnership, comprising 68 members committed to enhancing collective resilience against ransomware and disrupting its ecosystem. Member nations cooperate across all aspects of the ransomware threat, including undermining the profitability of ransomware, pursuing the perpetrators, countering the illicit financing that sustains the ransomware industry, and partnering with the private sector to bolster defenses against such attacks.
During the Fourth CRI Summit, participants reaffirmed their shared commitment to building collective resilience against ransomware, supporting members facing attacks, holding those responsible for ransomware accountable, and ensuring that their jurisdictions do not provide safe havens for malicious actors. Additionally, they pledged to counter the use of virtual assets as part of the ransomware business model, collaborate with the private sector to offer guidance to CRI members, and strengthen international partnerships to improve global preparedness against ransomware threats
This year, the Policy Pillar led efforts to build resilience against ransomware and disrupt the ransomware economy. Key initiatives include advancing work on cyber insurance, promoting secure-by-design practices, developing strategies to counter the use of virtual assets by ransomware actors, and creating policies to reduce ransom payments and improve reporting. A comprehensive playbook was also developed to help businesses prepare for, respond to, and recover from ransomware attacks. The 2024 Summit emphasized expanding resources to increase the cyber capacity of new members and support them during attacks.
The key CRI deliverables for 2024 include:
- The CRI Fund
- Guidance for Victim Organizations
- The Private Sector Engagement Working Group (PSEWG)
- The use of artificial intelligence to counter ransomware
- Enhanced information sharing
- Strengthening collective cyber resilience
The International Counter Ransomware Task Force (ICRTF) also called on members to endorse a statement promoting responsible behavior in cyberspace. It encouraged members to hold malicious actors and the states that harbor them accountable, utilizing all available tools in cyber diplomacy and law enforcement. The CRI continues to advocate for responsible conduct in cyberspace and urges members to denounce and address malicious activities.