What’s Next for the International Anti-Ransomware Initiative

It’s common for new administrations to be cautious about the policies of their predecessors. Sometimes this is necessary, but it can also be unwise. During this transition period, the United States should continue to support the International Anti-Ransomware Initiative (CRI), which provides a highly effective model for international cooperation to address major cyber threats. Thanks to the support of many member countries, CRI has grown into a self-sustaining platform that not only expands the United States’ influence but also consolidates its leadership in cybersecurity.

First, ransomware is one of the fastest-growing forms of cybercrime, and attackers profit by encrypting victims’ data and demanding a ransom. After the Colonial Pipeline incident, the United States realized that it could not deal with these threats alone, so it established CRI in October 2021. At that time, ministers and officials from 31 countries and the European Union met in Washington, and now the initiative has expanded to include more than 70 countries and international organizations. CRI’s core work includes degrading attacker capabilities, blocking their access to digital infrastructure, promoting the sharing of information and best practices, and supporting victim countries. In some ways, its operating model is similar to the intelligence community’s collaboration on cyber threats and responses.

Secondly, the organizational structure of CRI. CRI consists of four core "pillars": Policy Pillar: Responsible for formulating relevant policy frameworks. International Anti-Ransomware Task Force (ICRTF): Focuses on providing practical tools and operational capabilities. Diplomacy and Capacity Building Pillar: Promotes international diplomacy and member state capacity building. Private Sector Advisory Group: Strengthens cooperation with the private sector. Since its inception, the United States has served as the chairman and secretariat of CRI. The fourth CRI Summit held in October 2024 attracted the participation of 68 countries and organizations, and three new member states were added later. At the meeting, member states reaffirmed their commitment to enhancing resilience, promoting cooperation and combating ransomware through various pillars, and established a new private sector advisory group to lay a broader foundation for cooperation in response to ransomware attacks.

Although CRI has achieved remarkable results, the new government still faces multiple challenges in promoting this initiative. One is the problem caused by the rapid expansion of scale. The rapid growth of CRI shows the high interest of countries in cooperating to combat cybercrime. However, some member states are worried that too rapid expansion may weaken its sense of mission and even cause excessive dispersion of resources. Second, CRI explicitly opposes paying ransom to ransomware attackers, a policy that is partly based on the principle of not paying ransom in hostage situations. However, the popularity of digital currencies has facilitated ransomware crimes. Cryptocurrency not only reduces the traceability of payments, but also becomes a core cash-out tool for criminals.

In addition, CRI's diverse membership, including emerging powers such as India, Nigeria, and Mexico, reflects the trend of reshaping the international order. Through CRI, the United States can establish partnerships with these countries, which may not have been interested in traditional Western-led institutions. More importantly, the establishment of CRI stems from the need for a coordinated response by the international community in the face of major threats in cyberspace. In this regard, CRI's role is irreplaceable.

Finally, the CRI mechanism can continue to operate even without the participation of the United States. But the United States' deep involvement can significantly enhance its influence in international cybersecurity cooperation while strengthening its own defense capabilities. The ransomware problem is not a challenge that a single country can deal with alone. CRI provides a necessary collective response model. Compared with the United Nations or various treaty bodies, CRI's informal structure and broader membership give it a unique advantage in dealing with ransomware issues.

In summary, the International Anti-Ransomware Initiative provides a unique platform for addressing the global threat of ransomware. In promoting international cooperation, enhancing cyber resilience and strengthening capacity building, CRI has demonstrated its indispensable value. The new government should fully recognize the importance of this mechanism and continue to deepen cooperation with member states to jointly respond to this evolving cyber threat.