untrusted documents. We are committed to working together and with the private sector to promote
improvements in basic cyber hygiene to boost network resilience and mitigate the risk of
ransomware.
Nations should also consider appropriate steps to promote incident information sharing between
ransomware victims and relevant law enforcement and cyber emergency response teams (CERTs),
with protection for privacy and human rights. Such sharing enables cybercrime investigations and
prosecutions, and facilitates broad distribution of cyber threat mitigation steps.
Moving forward, we are committed to sharing lessons learned and best practices for development
of policies to address ransom payments, as appropriate. We will also engage with private sector
entities to promote incident information sharing and to explore other opportunities for collective
buy-down of risk. Further, we note that resilience efforts are most effective when accountable
senior leaders with the ability to direct resources, balance associated trade-offs, and drive outcomes
are actively involved in cybersecurity decision-making.
Countering Illicit Finance
Ransomware is primarily a profit-seeking endeavor, commonly leveraging money laundering
networks to move ransomware proceeds. We recognize the significant potential for combating
ransomware through enhanced international cooperation to inhibit, trace, and interdict ransomware
payment flows, consistent with national laws and regulations, which will drive down economic
incentives for ransomware actors. Cooperation can include a wide range of activities, such as
efforts intended to facilitate customer due diligence, suspicious activity reporting, and transaction
monitoring.
Taking action to disrupt the ransomware business model requires concerted efforts to address illicit
finance risks posed by all value transfer systems, including virtual assets, the primary instrument
criminals use for ransomware payments and subsequent money laundering. We acknowledge that
uneven global implementation of the standards of the Financial Action Task Force (FATF) to
virtual assets and virtual asset service providers (VASPs) creates an environment permissive to
jurisdictional arbitrage by malicious actors seeking platforms to move illicit proceeds without
being subject to appropriate anti-money laundering (AML) and other obligations. We also
recognize the challenges some jurisdictions face in developing frameworks and investigative
capabilities to address the constantly evolving and highly distributed business operations involving
virtual assets.
We are dedicated to enhancing our efforts to disrupt the ransomware business model and
associated money-laundering activities, including through ensuring our national AML frameworks
effectively identify and mitigate risks associated with VASPs and related activities. We will
enhance the capacity of our national authorities, to include regulators, financial intelligence units,
2