Today,?the?government of?Canada?issued a statement announcing that Arctic Wolf will continue to co-chair the Counter Ransomware Initiative Public-Private Sector Advisory Panel in 2026,?alongside?Public Safety?Canada?and?BlackBerry. The panel will?also include member organizations such as Ensign?InfoSecurity, the Institute for Security and Technology, Microsoft, Palo Alto?Networks,?and the Royal United Service Institute.??
Why Global Collaboration Is Essential for Modern Ransomware Defense?
Collaboration?has always been fundamental to effective cybersecurity. Cybercrime does not respect borders, industries, or sectors, which means defending against it requires cooperation across governments, private organizations, and the broader security community.?
For those of us working in security operations, this collaboration is not just about sharing technical indicators or improving day-to-day defenses. It is also about contributing to something larger: helping?shape?how the world responds to cybercrime at a?global?policy level.?
What the CRI Is and Why It Matters??
It¡¯s?because of our?commitment?to?contributing?to the global cybersecurity community that?Arctic Wolf?participates?in the?International Counter Ransomware Initiative (CRI), the world¡¯s largest government-led?multilateral and cross-sectoral?coalition?focused on countering ransomware. Established in 2021, the CRI brings together more than 70 member governments that?not only?recognize ransomware as a serious national, economic, and public safety threat,?but are also committed to fighting?it by actively sharing lessons learned, and as appropriate, aligning policies, activities, public messaging and industry engagement.?This?type of?collaboration between the public and private sectors is critical to building relationships and increasing cyber resiliency to ransomware incidents.?
As Vice President of Labs, Threat Research and Intelligence at Arctic Wolf, I have had the privilege to serve as a co-chair of the CRI Public-Private Sector Advisory Panel since 2025, alongside representatives from the government of Canada and BlackBerry. This advisory panel was created to ensure that operational experience from the private sector, research community, and nonprofits helps shape how governments design ransomware policy and response strategies. In this role, Arctic Wolf works actively with a number of governments, law enforcement agencies, think tanks, industry partners, and leading research institutions to share practical insight into how ransomware operates in real environments. This includes contributing to trend reports, tabletop exercises, incident response guidance, and best practices for public-private collaboration in disrupting threat actors¡¯ infrastructure.?
As?we?regularly?report, the?impact?of ransomware is extensive, and often includes core business disruptions, data?loss?,and?potentially significant recovery costs.?In critical infrastructure sectors, such as health care, energy, or transportation, ransomware can cause physical harm to individuals or even result in loss of life?by cutting off access to essential services.?Yet?many countries facing these risks do not have access to advanced security capabilities or large-scale threat intelligence, often due to economic, regulatory, or infrastructure constraints.?
By?participating?in?the?CRI,?we have?a real?opportunity to extend the?value?of what we see operationally beyond the organizations we directly support. Sharing?our?expertise?from running one of the largest commercial SOCs in the world?with policymakers?and law enforcement partners from around the globe?helps?shape how?countries strengthen their defenses, including in regions where resources, tooling, or?expertise?may be limited.?For example, in October 2025, Arctic Wolf?presented?at the?5th?International?Counter Ransomware Initiative Summit alongside?Public Safety Canada, BlackBerry and other members of the advisory panel.?
Insights Shared at the 5th?International?Counter Ransomware Initiative Summit??
The event, hosted by the government of Singapore, gave Arctic Wolf the opportunity to present the results of collaborative ransomware research conducted by Arctic Wolf Labs, which incorporated insights from the Arctic Wolf? Aurora ºÚÁÏÉç, processing over 10 trillion events weekly, including Microsoft and government partners in Brazil, Canada, Singapore, and the United States. With more than 150 international representatives from 60 countries and non-governmental organizations in attendance, the report identified the most common ransomware tools, infrastructure, and exploits used by the most active ransomware groups in the first half of 2025, shedding light on the emerging strategies and tactics cybercriminals are leveraging to target their victims. ?
With that level of?behavioral?insight?at the global level,?national governments and their?private sector?partners are empowered to?not only invest more resources into the fight against ransomware,?but to seek earlier detection?and?stronger mitigation, as well as?pursue?disruption of multiple threat actors at once, rather than reacting to each group in isolation.?Member organizations at the?summit?agreed that improved information sharing will be paramount to achieving these goals.?The public sector and private sector need to work more closely together to thwart emerging threats, and?governments?need to share?best practices with each other to boost the overall resilience of the public sector.??
At the end of the?summit, the CRI Steering Committee issued a??reaffirming a joint commitment to build collective resilience against ransomware threats, support members undergoing ransomware attacks, hold criminal ransomware actors accountable and deny them?safe haven, and promote responsible?State behavior in cyberspace.?
In a threat landscape that is inherently global, public-private collaboration allows knowledge and lessons learned to travel further than any single organization ever could.?By?identifying?critical areas of?risk and sharing threat intelligence, both public and private sectors can better defend against ransomware operations.?The CRI and the?Public-Private?Sector?Advisory Panel support this type of effective information?sharing, strengthening relationships between industry and government, and?increasing cyber resiliency to ransomware incidents.?
For those of us with front line visibility into how cybercriminals operate, working alongside government and industry partners, policymakers, and law enforcement at the highest level of global influence is not just helpful, it is part of our responsibility to the communities we serve.?
Learn more about the .
And find more information on the latest?.
.?
