Australia is set to lead global discussions on the disruption of ransomware protagonists at an international summit convened by the White House, as several nations attempt to clarify increasingly blurred doctrinal boundaries and proportionate responses to recent incidents.

The Department of Home Affairs has confirmed secretary Mike Pezzullo and group manager and Australian Federal Police Assistant Commissioner Justine Gough lead the Australian delegation.

A Home Affairs spokesman told The Mandarin that Australia currently leads the Disruption Working Group, which seeks to support law enforcement through the consideration of policy frameworks and best practice to disrupt ransomware groups.

“This engagement is an important part of Australia’s ongoing work with international partners to counter the global threat of ransomware and the malicious actors who seek to cause harm online,” the Home Affairs spokesman said.

The pair will certainly have plenty of meaty local case studies to offer up following recent attacks on Optus, Medibank and now Defence.

Dubbed the Second International Counter Ransomware Initiative Summit, the cyber soiree is essentially a US-led multi-lateral pest control effort to rein in both attackers and the potency of hacking activities by coordinating responses and protections.

According to the White House, 36 nations are attending the now in-person event after last year’s inaugural virtual event.

In-person events and briefings are the preferred option for the cyberati these days, partly to guard against electronic intruders and probes and partly because many agencies live in air-gapped Faraday cages specifically designed to circumvent virtual connectivity.

The US is certainly pumping the event as a vital international discussion, not least because it’s usually US-headquartered software systems that are targeted by hackers seeking to exfiltrate information or extort organisations, or often both.

“We launched the Counter Ransomware Initiative (CRI) last year to build on president Biden’s leadership to rally allies and partners to counter the shared threat of ransomware,” a senior administration official said in a briefing.

“At last year’s virtual summit, we convened ministers and senior officials from over 30 countries and the EU to accelerate cooperation to counter ransomware.”

The senior administration official said a key message of the CRI was that the US was prepared “to invest the time, the energy and the skill — to lead on hard international problems” but that the US was “not going to hog the floor”.

As a Five Eyes partner, Australia is regarded as a key US ally in cyber operations that often traverse the national security, SIGINT and law enforcement spheres.

Australia’s model, where its signals intelligence bureau has offensive cyber powers, is a source of fascination to the US, where the idea that a foreign signals intelligence collection agency could be involved in coordinated joint efforts with domestic law enforcement would be political anathema.

It also helps the US and European nations that there is a potent offensive cyber capability outside their own spheres able to hit miscreant boxes while remaining on the right side of doctrine.

“Many governments have been indispensable to the CRI partnership’s success, but I’d like to quickly recognise seven countries in particular that have been leading our working groups and driving work every single day: India and Lithuania for resilience, we intentionally chose those to have both a large and a small country; Australia for disruption; Singapore and the United Kingdom for virtual currency, clearly because they’re both banking centres in both the West and the East; Spain for public-private partnerships; and Germany for diplomacy,” the senior administration official said.

A major enabler of ransomware crews has been the swift rise of cryptocurrencies that allow illicit funds to be moved more quickly and anonymously.

At the same time, ransomware protagonists are using the release of stolen data as a means to extort funds – a trend the US is acutely aware of thanks to Australia’s experiences.

“I just was talking to my Australian counterpart, who highlighted a ransomware attack against healthcare networks and insurance and the concerns that they are related to that information,” the senior administration official said. “That’s one of the problems we’re going to be discussing, and we’ve teed up some potential approaches.”

Whether those approaches involve taking certain coin boxes out of operation to destroy profits remains to be seen. But it’s always been an option.

There is also sideline chatter about whether the open data and open banking regimes are attracting too many pests and need to be better fortified before being fully rolled out.

A major bone of contention is the UK experience that has created a huge new market in authorised push payments fraud and scams that many markets regard as polluting the financial system.

The problem there is that the funds extracted are not coin, they are cash, making the fraud pay handsomely once again.