The International Counter Ransomware Taskforce (ICRTF), envisioned by the International Counter Ransomware Initiative (CRI), kicked off its operations with Australia as its inaugural chair and coordinator.
The CRI was first brought together in October 2021 with a virtual meeting of 30 countries, facilitated by the US White House National Security Council.
In November 2022, a second meeting took place where the following was established by the 37 participating members:
- Hold ransomware actors accountable for their crimes and not provide them safe haven.
- Combat ransomware actors’ ability to profit from illicit proceeds by implementing and enforcing anti-money laundering and countering the financing of terrorism (AML/CFT) measures, including “know your customer” (KYC) rules, for virtual assets and virtual asset service providers.
- Disrupt and bring to justice ransomware actors and their enablers, to the fullest extent permitted under each partner’s applicable laws and relevant authorities.
- Collaborate in disrupting ransomware by sharing information, where appropriate and in line with applicable laws and regulations, about the misuse of infrastructure to launch ransomware attacks to ensure national cyber infrastructure is not being used in ransomware attacks.
The intention of setting up a taskforce also originated from this second summit with the goal to develop cross-sectoral tools, and exchange cyber threat intelligence to increase early warning capabilities and prevent attacks.
The taskforce would also help consolidate policy and best practice frameworks. It was established in the Australian Department of Home Affairs’ Cyber and Critical Technology Coordination Centre.
The ICRTF will act as a medium for CRI to connect with industry for defensive and disruptive threat sharing and actions. The cyber security projects under ICRTF will be initiated in response to requests for assistance from members, and support opportunities to disrupt malicious actors on a case-by-case basis, Australia Department of Home Affairs said in a statement.
Reports on tools, tactics, and procedures to improve awareness of members will also be expected from the ICRTF.
Australia’s leadership against ransomware
This initiative is taking place under the current Australian government, which after coming to power in May 2022 was quick to assign cybersecurity as a standalone portfolio with Clare O’Neil as the Minister for Cyber Security. However, cybersecurity isn’t O’Neil’s only responsibility, she is also the Minister of Home Affairs.
After taking an offensive approach towards Optus following the massive data breach, O’Neil was suddenly faced with too many breaches—some considerably more harmful such as the Medibank breach, which led to a change in approach by the government with a more supportive attitude.
The Optus breach, and all the ones that followed, forced the government to take charge and make changes to how it deals with cyberthreats.
One such change has been the formation of the joint Australian Federal Police and Australian Signals Directorate operational grouping, tasked with actively thwarting the activities of cybercriminals. This is said to be a team of 100 personnel from both agencies.
The Australian government also passed a bill to increase data breach penalties from AU$42 million to AU$50 million. This is under the Notifiable Data Breaches scheme, which first went into effect in February 2022.
However, not a single company has been fined since then. The Office of the Australian Information Commissioner has lodged just one civil penalty proceedings against Facebook in the Federal Court in March 2020, which is still an ongoing case.
The International Counter Ransomware Initiative
The members of the Counter Ransomware Initiative are: Australia, Austria, Belgium, Brazil, Bulgaria, Canada, Croatia, the Czech Republic, the Dominican Republic, Estonia, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Norway, Poland, Republic of Korea, Romania, Singapore, South Africa, Spain, Sweden, Switzerland, the United Arab Emirates, the United Kingdom, the United States, Ukraine and the European Union.
CRI expects to raise awareness of its existence and welcome other countries to the group.
During the 2022 summit, CRI set out several initiatives beyond the creation of the taskforce and its members also agreed to:
- Hold a second counter-illicit finance ransomware workshop to expand on the lessons learned during the first workshop and build capacity on blockchain tracing and analytics.
- Take joint steps to stop ransomware actors from being able to use cryptocurrency to garner payment.
- Actively share information between the public and private sectors on actors and tradecraft.
- Pursue the development of aligned frameworks and guidelines to prevent and respond to ransomware, with a focus on the provision of essential services and critical infrastructure.
- Address ransomware across appropriate multilateral formats to establish broader based practices, actions, and norms around countering ransomware activity and responses.
- Coordinate its cyber capacity building programs strategically to strengthen resilience, disruption capabilities, legal frameworks, and law enforcement capacity to combat ransomware other countries.