Session
Speaker 1: Giacomo Persi Paoli, Intergovernmental Organization, Intergovernmental Organization
Speaker 2: Stephane DUGUIN, Civil Society, Eastern European Group
Speaker 3: Kaja Ciglic, Private Sector, Eastern European Group
Speaker 4: Julia Rodriguez, Government, Latin American and Caribbean Group (GRULAC)
Speaker 2: Stephane DUGUIN, Civil Society, Eastern European Group
Speaker 3: Kaja Ciglic, Private Sector, Eastern European Group
Speaker 4: Julia Rodriguez, Government, Latin American and Caribbean Group (GRULAC)
Moderator
Giacomo Persi Paoli, Intergovernmental Organization, Intergovernmental Organization
Online Moderator
John Hering, Private Sector, Western European and Others Group (WEOG)
Rapporteur
John Hering, Private Sector, Western European and Others Group (WEOG)
Format
Classroom
Duration (minutes): 90
Format description: This workshop is envisioned as equal parts a sharing and learning experience in exchange with the community attending IGF 2025. A classroom setting will allow the group of expert speakers from across stakeholder groups to present the central challenges posed by ransomware gangs from a diversity of perspectives, and for the civil society speaker to present an associated pilot program they are launching. However, this is not meant to be a panel discussion and the classroom setup will also structurally help facilitate direct engagement with participants with valuable insights around how to design and implement a new international instrument to have more enduring success. A 90-minute workshop will provide enough time for the presentation/exploration of the issue space by the session speakers, as well as for robust engagement with the expertise and interests of participants, and finally a summary of key findings at the end.
Duration (minutes): 90
Format description: This workshop is envisioned as equal parts a sharing and learning experience in exchange with the community attending IGF 2025. A classroom setting will allow the group of expert speakers from across stakeholder groups to present the central challenges posed by ransomware gangs from a diversity of perspectives, and for the civil society speaker to present an associated pilot program they are launching. However, this is not meant to be a panel discussion and the classroom setup will also structurally help facilitate direct engagement with participants with valuable insights around how to design and implement a new international instrument to have more enduring success. A 90-minute workshop will provide enough time for the presentation/exploration of the issue space by the session speakers, as well as for robust engagement with the expertise and interests of participants, and finally a summary of key findings at the end.
Policy Question(s)
A. How could a UN instrument, or other international institution, support more coordinated efforts to address ransomware gangs?
B. What should be the expectation of governments when notified of ransomware gangs operating from within their borders?
C. What is needed from the private sector and civil society to support intergovernmental efforts to take action against ransomware gangs?
What will participants gain from attending this session? IGF participants will have the opportunity to better understand the scale, impact and main drivers of growing numbers of ransomware attacks, as presented by experts from government, industry, civil society, and the UN. They will also learn about ongoing efforts led by civil society to promote visibility of ransomware attacks and their impacts and to hold governments accountable to their due diligence obligations. Finally, participants will be asked to provide insights and guidance on how current efforts could be translated into more enduring solutions in the form of a new international instrument to support cooperation and accountability to stop ransomware, including what kind of support from the tech sector would be needed.
Description:
Ransomware has emerged as an urgent and pernicious global cybersecurity challenge, with attacks growing by nearly 300% last year. The rise of cryptocurrencies and off-the-shelf ransomware tools have empowered growing numbers of criminal groups to conduct ransomware attacks, often from safe haven countries/regions where they are unlikely to face prosecution. The threat of ransomware attacks, especially targeting critical infrastructure, has become a leading national security concern among UN member states participating in the Open Ended Working Group (OEWG) on information security. As the work of that OEWG comes to a close this summer, there is need to determine concrete next steps for the international community to take further action to curb the growing numbers of ransomware attacks. This workshop at the 2025 Internet Governance Forum will explore how a potential new instrument – within the UN or outside – might help facilitate international cooperation and support accountability in the fight against ransomware. Such an instrument could further support capacity building and/or allow states to report publicly where ransomware attacks are originating to encourage others to take action within their jurisdictions. Leveraging the expertise of the IGF community, the workshop will consider how the private sector might support these efforts with relevant data and how civil society could help incubate and demonstrate the potential of the idea further. Representatives from UNIDIR, Microsoft, and the CyberPeace Institute, as well as the government of El Salvador, will provide insights on the scale of the challenge and avenues to strengthen cooperation against ransomware. They will also facilitate a broader discussion with others in the IGF community to seek input on how such a new international instrument could best be structured and supported to be successful, with an eye towards how it could strengthen cyber resilience among developing countries in particular.
Ransomware has emerged as an urgent and pernicious global cybersecurity challenge, with attacks growing by nearly 300% last year. The rise of cryptocurrencies and off-the-shelf ransomware tools have empowered growing numbers of criminal groups to conduct ransomware attacks, often from safe haven countries/regions where they are unlikely to face prosecution. The threat of ransomware attacks, especially targeting critical infrastructure, has become a leading national security concern among UN member states participating in the Open Ended Working Group (OEWG) on information security. As the work of that OEWG comes to a close this summer, there is need to determine concrete next steps for the international community to take further action to curb the growing numbers of ransomware attacks. This workshop at the 2025 Internet Governance Forum will explore how a potential new instrument – within the UN or outside – might help facilitate international cooperation and support accountability in the fight against ransomware. Such an instrument could further support capacity building and/or allow states to report publicly where ransomware attacks are originating to encourage others to take action within their jurisdictions. Leveraging the expertise of the IGF community, the workshop will consider how the private sector might support these efforts with relevant data and how civil society could help incubate and demonstrate the potential of the idea further. Representatives from UNIDIR, Microsoft, and the CyberPeace Institute, as well as the government of El Salvador, will provide insights on the scale of the challenge and avenues to strengthen cooperation against ransomware. They will also facilitate a broader discussion with others in the IGF community to seek input on how such a new international instrument could best be structured and supported to be successful, with an eye towards how it could strengthen cyber resilience among developing countries in particular.
Expected Outcomes
Insights gained from this workshop will help inform reporting and recommendations The CyberPeace Institute will compile in its final submission to the UN OEWG on information security before their concluding session in July. It will include examples of the harms caused by ransomware, information on the gangs themselves, and recommendations for how the UN could support taking action against ransomware gangs as part of a future permanent mechanism for international cybersecurity. The representative from UNIDIR will also take learnings from the session into consideration as the organization considers what its role should be in supporting the permanent mechanism.
Hybrid Format: Inclusive facilitation:
Dedicated in-person and online moderators will ensure throughout that there is active engagement with audiences both in the room and online. This includes maintaining and insisting on a balance between participation of those in the room and online. Ultimately, this session hopes to benefit from breadth of expertise the IGF is able to bring together each year, which makes it important that all voices are able to be heard.
Inclusive session design:
An opportunity for breakout groups at the midpoint of the session will hope to facilitate a direct exchange among those online regarding the central questions of the session. Key insights from these breakout rooms will then be shared live with all participants, online and in-person. Socialization and promotion of the workshop leading up to IGF2025 will encourage attendees to join either in-person or online.
The session will be conducted via the A/V tools provided by IGF.