Cybercrime has created a serious threat landscape over the past few years. Cyber-attacks concern all areas across the internet and ICT infrastructure as attackers’ techniques have reached new heights.
In addition to the large variety of cyberattacks, ransomware epitomises an escalating global security threat with devastating impacts to businesses, critical infrastructure, and individuals around the world. Because they have sharply increased in scale, sophistication, and frequency over the last two years, they can also threaten public institutions, becoming a concern for economic prosperity and national security.
They are an inherently international phenomenon, with criminals trying to cover their tracks whilst exploiting safe harbours. Addressing the ransomware threat will require a whole of society approach: all actors, individuals, civil society, industries, and governments will have a role to play.
At the same time, given the global nature of the threat, enhancing international collaboration is crucial. Germany therefore fully supports initiatives aimed at enhancing internationally coordinated actions to address and mitigate this threat, including the commitments made at the G7 level.
The groups of perpetrators can be divided into:
- Financially motivated (private) groups or individuals
- Groups with financial motivation and contacts with governmental organisations
- Government Services (e.g., intelligence services)
Recent ransomware attacks — such as those against the IRL Healthcare System, JBS group, and the colonial pipeline system — emphasise the great impact they can have on daily life.
Germany sees a great need for action, which cannot be handled by each country individually: cyber security can only be achieved through international alliances.
The German approach and priority areas for international collaboration
Enhancing general cyber security and resilience is a top priority and the foundation of these efforts. However, it is not sufficient. More efforts and international cooperation are needed. The following priority areas could be of special interest for an exchange:
- Enhancing cross-border law enforcement, including information sharing (also via CERT-to-CERT channels) and fast response mechanisms.
- Establishing diplomatic measures to encourage other countries to actively fight ransomware criminals and avoid providing safe havens. This could include, inter alia, raising the ransomware issue at high-level bilateral engagements, coordinating international outreach among like-minded governments, and developing a set of actions vis-à-vis countries that condone cybercriminals’ activities.
- Strengthening the implementation of international agreements reached by UN groups operating in the Field of Information and Telecommunications — the Open-Ended Working Group (OEWG) and the UN Governmental Group of Experts (GGE) — as well as international cooperation frameworks in the fight against cybercrime (e.g., joint efforts to promote the Budapest Convention, close coordination around new UN cybercrime processes). This could also include the development of best practices for the implementation of due diligence.
- Cooperating with the private sector (e.g., exchanging best practices on reporting ransomware attacks or ransomware payments and facilitating responses of tele-media providers).
- Addressing the misuse of cryptocurrencies, including measures to increase cryptocurrency resilience and facilitate international tracing.
- Working towards streamlined policies addressing ransomware payments and ransomware insurances.
- Enhancing and coordinating Cyber Capacity Building efforts (e.g., with regard to building up national law enforcement capacities).
International approach for joint actions on combating ransomware
Working groups in the United States have already initiated several anti-ransomware alliances, organised along four lines of efforts:
- Improving network resilience, which amounts to more than technical capabilities alone. It’s a combination of effective policy frameworks, appropriate resources, clear governance structures, transparent and well-rehearsed incident response procedures, a trained and ready workforce, partnership with the private sector, and consistently enforced legal and regulatory regimes.
- Countering Illicit finance has significant potential for combating ransomware through enhanced international cooperation to inhibit, trace, and interdict ransomware payment flows consistent with national laws and regulations which will drive down economic incentives for ransomware actors.
- Disrupting the ransomware ecosystem: ransomware activity is often transnational in nature and requires timely and consistent collaboration across law enforcement, national security authorities, cybersecurity agencies, and financial intelligence units. Together, we must take appropriate steps to counter cybercriminal activity emanating from within our own territory and impress a sense of urgency on others to do the same in order to eliminate safe havens for those conducting such disruptive and destabilizing operations.
- Fostering diplomacy: in addition to disrupting the ransomware ecosystem, diplomatic efforts can promote rules-based behaviour and encourage countries to take reasonable steps to address ransomware operations emanating from within their territory.
Focusing on diplomacy, Germany has taken the lead in providing concrete options for action by prioritizing a common approach. Promoting an international alliance to counter ransomware is the first productive step towards harnessing the international community to defeat ransomware threats. The way forward is to drive the multilateral stock-taking exercises to find targets of enhanced collaboration among all participating states. With these measures, other countries should be encouraged to actively fight ransomware criminal groups, too.
We have to ensure there are no safe havens for any kind of criminal actions in this area. On the basis of confidence-building measures, all stakeholders have to share their own experiences on lessons learned or best practices to combat ransomware.
In this context, a special focus could be aimed at helping low- and middle-income countries to get support to become more resilient against attacks. They should be motivated to take full advantage of the opportunities of the digital economy and learn how to integrate basic cybersecurity elements in digitalization and connectivity projects and cooperation.