CRI representatives at the 2022 summit. Image: White House
CRI representatives at the 2022 summit. Image: White House

White House hosts Counter Ransomware Initiative summit, with a focus on not paying hackers

The third annual White House-led counter ransomware summit convening 48 countries, the European Union and Interpol launches in Washington today, featuring several new elements including a pledge from most member states not to pay ransoms and a project to leverage artificial intelligence to analyze blockchains, according to Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger.

The International Counter Ransomware Initiative (CRI) has expanded in scope and ambition since it debuted with 30 members and the European Union in 2021.

The new AI blockchain initiative was described as a way of identifying illicit funds used to pay ransomware demands.

Neuberger said the CRI also will offer “innovative mentorship and tactical training” programs for newer members, citing how Israel has coached Jordan on countering ransomware as one example.


2023_1016 - Ransomware attacks USA only (2).jpg

Ransomware attacks targeting U.S. organizations have trended upwards in 2023. Source: Recorded Future

2023_1016 - Ransomware attacks by country (10 countries) (1).jpg

Most Western countries are hit by ransomware attacks on a regular basis. Source: Recorded Future

The initiative also will begin using a new information sharing platform that will enable member countries to quickly exchange news of threat indicators, Neuberger said in a call to reporters, citing work Lithuania, Israel and the United Arab Emirates have done to create platforms so “if one country is attacked, others can quickly be defended against that.”

CRI officials hope that every member country will share at least one piece of information on the platforms once a week in an effort to establish “collective threat information to enable countries to better and more effectively defend themselves,” a senior administration official said of the effort.

In addition to the pledge by most member countries not to pay ransoms, Neuberger said that member governments will declare that they will help any member country hit by a ransomware attack with incident response. Recorded Future News first reported the effort to corral CRI members into signing the pledge not to pay ransoms.

Not all 48 countries have agreed to the pledge yet, according to a senior administration official who described the effort as a “really big lift.”

“We're still kind of in the final throes of getting every last member to sign up,” the official said. “We're pretty much there which is exciting.”

Security researchers estimate the global cost of ransomware will total $20 billion in 2021 and will surge to $71.5 billion by 2026. According to data collected by Recorded Future from extortion sites, government agencies, news reports, hacking forums, and other sources, the U.S. has been a top target for ransomware attacks in 2023, with more than 100 victims in most months. When adjusted for population, Belgium, the United Kingdom, Australia and Canada have experienced a disproportionate amount of ransomware attacks in 2023, in addition to the U.S.

The CRI also will share a “blacklist of wallets” through the U.S. Department of Treasury, Neuberger said, in an effort to track those through which payments are flowing. A senior administration official said that by tracking which wallets are moving illicit funds, officials can “alert their virtual assets service providers to block or freeze those transactions.”

“Ransomware is an issue that knows no borders, it crosses borders, you have attackers in a set of countries using infrastructure in another set of countries targeting victims, hospitals, schools and companies and governments around the world,” Neuberger said during a press conference.

She added that as long as there's “money flowing to ransomware criminals, this will continue to grow. It's a problem. The problem will continue to grow.”

Neuberger stressed that the initiative is meant to be an international partnership and said her hope is that the CRI countries, Interpol, and the European Union increasingly leverage the opportunity to enhance what she called the “largest cyber partnership in the world.”

She cited a variety of crippling ransomware attacks in countries around the world, including a ransomware attack in the United Kingdom impacting national health service entities; one causing citizen payment delays in Poland; and an attack on a major supermarket chain in Africa.

Describing the impact ransomware has had in the United States, Neuberger pointed to the recent attack on Clorox, which has suffered production issues as a result. She also cited the February attack on Minneapolis Public Schools, which she said led to sensitive data, including mental health information, belonging to 30,000 students landing on the dark web.

One CRI member state serves as a cautionary tale to the others, having suffered a massive and historic series of ransomware attacks that led the U.S. to announce a $25 million infusion of cash to support the country’s cyber defense efforts in March.

As recently as January Costa Rica suffered the latest in a wave of ransomware attacks that have paralyzed the country.

In August, President Rodrigo Chaves told a Washington audience that after he refused to pay a $20 million ransom, an onslaught of attacks devastated the nation.


2023_1016 - Ransomware attacks per 100 million pop (10+USA) (1).jpg

When adjusted for population, the U.S. is still one of the largest targets for ransomware actors. Source: Recorded Future.

“We were attacked, affecting the backbone of the functioning of the state,” Chaves said at an event hosted by the Center for Strategic and International Studies. “Our tax system, our customs system, electricity, even meteorological services … our Ministry of Transport, our social security, our health system attacked — so it was ugly.”

While pointing out that the United States is the world’s most targeted country, Neuberger said the initiative is meant to be “an international partnership that spans most of the world's time zones.”

“There's large countries, small countries, countries with a lot of cyber capability led the Uand capacity, and those who are seeking to gain and learn that,” she said.

The CRI’s 48 nation state members now include a wide variety of countries, including Kenya, Uruguay, South Korea, Japan and Lithuania.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Suzanne Smalley

Suzanne Smalley

is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.