United against ransomware: how Quad partnerships can lead the way

As ransomware attacks wreak havoc globally, policy coordination across Quad member states can disrupt the business model of cyber criminals inflicting significant financial damage on businesses and citizens.

Read time: 6 mins

Based on Combatting Ransomware Policy Paper published August 2023.

Key takeaways

1

Coordination among Quad countries could help efforts to respond to ransomware attacks and disrupt the global business model of cyber criminals.

2

ANU research shows industry and business support unified action by Quad countries to combat ransomware attacks.

3

Research indicates that initiatives that strengthen and coordinate reporting of ransomware attacks work.

To help fight increasingly sophisticated actors, direct action from Quad countries would help efforts to respond to ransomware attacks and disrupt the global business model of cyber criminals.

ANU research outlined the broad support from industry and business for coordinated and unified action among Quad countries in the face of ransomware attacks.

The research points to several policy options.

Countries could use Quad forums to condemn the activities of ransomware criminals and articulate a joint policy position strongly discouraging payment of ransoms.

This wouldn’t have to mean calling for a total ban or the criminalisation of payment of ransoms. This may lead to undesirable outcomes for the victims of cybercrime or deter reporting. While ransoms usually shouldn’t be paid, there’s still a need for nuanced, case-by-case assessment, especially in scenarios where death is a possibility.

The Quad could be used to introduce common mandatory disclosure requirements across member governments, compelling entities that pay ransoms to confidentially notify an appropriate authority within 24 hours of the decision to pay.

While the payment of ransoms should continue to be deterred, when payment occurs due to exceptional circumstances, it’s critical that accurate and timely information is gathered to enhance mitigation, law enforcement and policy responses.

Research suggests that policymakers should consider common mandatory disclosure requirements that compel entities that pay ransoms to confidentially notify an appropriate authority within 24 hours of the decision to pay.

Given the public importance of collecting such information, support for victims of cyber-crime to report ransomware payments and attacks would be enhanced with safe harbour protections.

While there are differing views among experts regarding the benefits of public and confidential disclosures to government agencies, there’s strong support for public access to de-identified datasets for the purposes of increased public awareness and future policy research.

Finally, research showed that Quad countries should harmonise cyber incident reporting across their jurisdictions. 

Quad countries should develop a common set of minimum reporting requirements and automate sharing and distribution of incident reports via respective domestic threat-sharing platforms. This would allow governments to mutually recognise reporting, minimising the reporting burden on victims, and maximising threat-sharing at scale in real time.

“Direct action from Quad countries would help efforts to respond to ransomware attacks and disrupt the global business model of cyber criminals.”

Conclusion
As high-profile incidents from recent years show, ransomware attacks are becoming more frequent and difficult to stop. Work from ANU has shown that the Australian Government can take coordinated action with other Quad nations to better respond to these attacks and weaken the industry’s global business model.

Based on the work of ANU experts

ANU Tech Policy Design Centre