The Counter Ransomware Initiative (CRI) is a voluntary international coalition convened by the United States to coordinate national responses to the growing threat of ransomware. It was launched in October 2021 as a virtual summit hosted by the White House National Security Council, bringing together roughly 30 countries and the European Union. Subsequent annual summits in Washington expanded participation, with more than 50 members reported by the 2023 gathering, including Australia, the United Kingdom, Germany, Japan, India, South Korea, Israel, Nigeria, and others.
The CRI is not a treaty-based body and produces no binding law. Instead, it functions through working groups and joint statements. Its work is typically organized around several pillars, including:
- Resilience: sharing best practices on network defense and incident response.
- Disruption: coordinating law enforcement and intelligence operations against ransomware infrastructure, cryptocurrency laundering, and safe-haven actors.
- Countering illicit finance: improving virtual-asset regulation and information sharing among financial intelligence units, often in coordination with FATF standards.
- Diplomacy and public policy: aligning messaging on issues such as ransom payments.
A notable political output came at the 2023 summit, when members issued a joint statement declaring that their governments should not pay ransomware ransoms — a significant, though non-binding, normative commitment. The CRI has also stood up an International Counter Ransomware Task Force, originally led by Australia, to enable continuous operational cooperation between summits.
Critics note the CRI's limits: it excludes Russia and China, where many ransomware operators are believed to reside or transit funds; it cannot compel private-sector victims to refuse payment; and attribution remains technically and politically difficult. Supporters argue it has nonetheless raised the diplomatic cost of harboring cybercriminals and helped institutionalize cross-border takedowns such as those against Hive (2023) and LockBit (2024), even though those specific operations were led by national agencies rather than the CRI itself.
Example
At the third CRI summit in Washington in October 2023, member states jointly pledged that their own governments would not pay ransoms to cybercriminals.
Frequently asked questions
No. It is a non-binding political coalition that operates through summits, working groups, and joint statements rather than a formal international agreement.
Keep learning