This week the National Security Council is facilitating an international counter-ransomware event with over 30 partners to accelerate cooperation on improving network resilience, addressing the financial systems that make ransomware profitable, disrupting the ransomware ecosystem via law enforcement collaboration, and leveraging the tools of diplomacy to address safe harbors and improve partner capacity.

Ransomware incidents have disrupted critical services and businesses worldwide – schools, banks, government offices, emergency services, hospitals, energy companies, transportation, and food companies have all been affected. Ransomware attackers have targeted organizations of all sizes, regardless of where they are located. The global economic losses from ransomware are significant. Ransomware payments reached over $400 million globally in 2020, and topped $81 million in the first quarter of 2021, illustrating the financially driven nature of these activities.

The Biden Administration has pursued a focused, integrated effort to counter the threat. Yet, government action alone is not enough. The Administration has called on the private sector, which owns and operates the majority of U.S. critical infrastructure, to modernize their cyber defenses to meet the threat of ransomware. The Administration has announced specific efforts to encourage resilience, including voluntary cyber performance goals, classified threat briefings for critical infrastructure executives and the Industrial Control Systems Cybersecurity Initiative. And, the Administration has stepped up to lead international efforts to fight ransomware. International partnership is key since transnational criminal organizations are often the perpetrators of ransomware crimes, leveraging global infrastructure and money laundering networks to carry out their attacks.

The Administration’s counter-ransomware efforts are organized along four lines of effort:

Actions to date within these lines of effort include:

Disrupt Ransomware Infrastructure and Actors

Bolster Resilience against Ransomware