On 2 September 2022 EU Cyber Direct organised the lunch discussion ‘Investigating Ransomware: Lessons from International Cooperation against Cybercrime’ in the margins of the third session of the Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes. The event was co-hosted by the EU Delegation to the UN, the Permanent Mission of Nigeria to the UN, the Argentinian Ministry of Security, the Ministry of External Relations of Costa Rica, and the Permanent Mission of Austria to the UN.
Following opening remarks from Permanent Representative of the European Union to the UN Ambassador Olof Skoog, the event began by considering lessons on countering ransomware from Costa Rica, a country that recently declared a state of national emergency amid a series of crippling attacks targeting public sector services and ministries. This was following an overview of challenges and international cooperation in investigating ransomware from the United Nations Office of Drugs and Crime and a discussion around the effectiveness and limitations of existing international instruments. During the subsequent panel and meeting, UN delegates, government representatives and members of the multistakeholder community drew on best practices and examples of international cooperation from governments, regional organisations like the Council of Europe, and initiatives like the Institute for Security and Technology’s Ransomware Taskforce which has recently published a set of Key Recommendations and Comprehensive Framework for Action.
In the context of the Ad-Hoc Committee process underway at the UN, the session also outlined some minimum standards that could be set through a new international treaty, including preservation requests and joint investigation teams, a data-retention framework, public-private partnerships, and other effective mechanisms for international coordination and cooperation.