The Counter Ransomware Initiative (CRI) is a multilateral grouping launched by the United States in October 2021 to coordinate state responses to the global ransomware threat. It began as a virtual meeting convened by the White House National Security Council with roughly 30 partner countries and the European Union, and has since expanded to more than 50 members spanning every populated continent.
The CRI operates outside formal treaty structures. It functions through annual summits hosted in Washington, D.C., supplemented by working groups that address discrete problem sets, including:
- Disruption of ransomware infrastructure and threat actors, often coordinated with law enforcement operations.
- Illicit finance, focused on tracing cryptocurrency flows and tightening anti-money-laundering controls on virtual asset service providers.
- Resilience, sharing playbooks, incident response practices, and exercises.
- Diplomacy and capacity building, pressing states that harbor ransomware operators.
- Public-private partnership, including an information-sharing platform piloted with industry.
At the 2023 summit, CRI members issued a joint statement declaring that member governments should not pay ransoms — a notable, if non-binding, political commitment. The initiative has also produced shared blocklists of malicious wallets through the International Counter Ransomware Task Force, which Australia chaired as inaugural lead.
CRI is significant for several reasons relevant to IR researchers. First, it is one of the clearest examples of minilateral cyber diplomacy: a coalition of the willing assembled to fill gaps left by stalled UN-track negotiations such as the Open-Ended Working Group and the Ad Hoc Committee on Cybercrime. Second, it deliberately excludes Russia and China, reflecting a normative split over state responsibility for cybercriminals operating from their territory. Third, it blurs the line between law enforcement cooperation, financial regulation, and national security policy.
Critics note that CRI commitments are political rather than legally binding, enforcement is uneven, and several members have themselves paid ransoms despite the joint declaration.
Example
In 2023, the third CRI summit in Washington gathered around 50 members, including Australia, the UK, Japan, Nigeria, and the EU, who jointly pledged that their governments would not pay ransomware demands.
Frequently asked questions
No. It is an informal political coalition without a charter, secretariat, or binding obligations; commitments are made through joint statements at annual summits.
Keep learning