DHS Secretary Mayorkas and EU Commissioner Johansson announce the intent to form a new U.S.-EU working group to fight ransomware

Secretary of Homeland Security Alejandro N. Mayorkas and EU Commissioner Johansson announced the intent to form a new U.S.-EU working group to fight ransomware.  Separately, the EU has issued the bulletin Commission proposes a Joint Cyber Unit to step up response to large-scale security incidents. In response, international cybersecurity expert Dr. Chenxi Wang offers perspective on ongoing transnational cooperation on ransomware and other major cyber threats.

Policy Insight:

Dr. Chenxi Wang, General Partner, Rain Capital  (she/her – former Forrester VP of Research and Carnegie Mellon professor):

Ransomware is now an international problem and it will require International-scale coordination and collaboration as a response. Information sharing is one area in which the EU and US can strengthen their collaboration. Ransomware gangs may target businesses in multiple regions. The ability to share attack signatures and tactics, techniques, and procedures (TTPs) in a timely manner can be an effective measure against widespread ransomware attacks. Special criminal prosecution and extradition policies for ransomware offenses are another area that the EU and US can tackle. Criminals may think twice about targeting another country’s businesses or infrastructure if they know they could be prosecuted in that country’s jurisdiction. Establishing a no-ransomware treaty could be another area for collaboration. The impact of ransomware could rival some of the most destructive weapons ever created in human history. That is why a treaty, much in the same vein as the Nuclear Arms treaty may be required to contain this problem. Traditional measures like law enforcement are difficult to work across International boundaries when sovereign countries have different views and attitudes toward the problem. Countries may have to work on special laws/policies for prosecution and extradition for ransomware offenses across the borders. Having a coalition between the EU and US on ransomware helps, but there are other countries where there are very few economic opportunities. People in those countries may turn to cybercrime as an outlet and their local law enforcement may not be incentivized to do anything, as these activities may create economic value for the country. This is an international-scale problem, and countries need to work together to create an international-scale response. EU-US coalition could be the first step, but collaboration must extend to other countries where cybercrimes are rampant.”