Today, the government of Canada issued a statement announcing that Arctic Wolf will continue to co-chair the Counter Ransomware Initiative Public-Private Sector Advisory Panel in 2026, alongside Public Safety Canada and BlackBerry. The panel will also include member organizations such as Ensign InfoSecurity, the Institute for Security and Technology, Microsoft, Palo Alto Networks, and the Royal United Service Institute.
Why Global Collaboration Is Essential for Modern Ransomware Defense
Collaboration has always been fundamental to effective cybersecurity. Cybercrime does not respect borders, industries, or sectors, which means defending against it requires cooperation across governments, private organizations, and the broader security community.
For those of us working in security operations, this collaboration is not just about sharing technical indicators or improving day-to-day defenses. It is also about contributing to something larger: helping shape how the world responds to cybercrime at a global policy level.
What the CRI Is and Why It Matters
It’s because of our commitment to contributing to the global cybersecurity community that Arctic Wolf participates in the International Counter Ransomware Initiative (CRI), the world’s largest government-led multilateral and cross-sectoral coalition focused on countering ransomware. Established in 2021, the CRI brings together more than 70 member governments that not only recognize ransomware as a serious national, economic, and public safety threat, but are also committed to fighting it by actively sharing lessons learned, and as appropriate, aligning policies, activities, public messaging and industry engagement. This type of collaboration between the public and private sectors is critical to building relationships and increasing cyber resiliency to ransomware incidents.
As Vice President of Labs, Threat Research and Intelligence at Arctic Wolf, I have had the privilege to serve as a co-chair of the CRI Public-Private Sector Advisory Panel since 2025, alongside representatives from the government of Canada and BlackBerry. This advisory panel was created to ensure that operational experience from the private sector, research community, and nonprofits helps shape how governments design ransomware policy and response strategies. In this role, Arctic Wolf works actively with a number of governments, law enforcement agencies, think tanks, industry partners, and leading research institutions to share practical insight into how ransomware operates in real environments. This includes contributing to trend reports, tabletop exercises, incident response guidance, and best practices for public-private collaboration in disrupting threat actors’ infrastructure.
As we regularly report, the impact of ransomware is extensive, and often includes core business disruptions, data loss ,and potentially significant recovery costs. In critical infrastructure sectors, such as health care, energy, or transportation, ransomware can cause physical harm to individuals or even result in loss of life by cutting off access to essential services. Yet many countries facing these risks do not have access to advanced security capabilities or large-scale threat intelligence, often due to economic, regulatory, or infrastructure constraints.
By participating in the CRI, we have a real opportunity to extend the value of what we see operationally beyond the organizations we directly support. Sharing our expertise from running one of the largest commercial SOCs in the world with policymakers and law enforcement partners from around the globe helps shape how countries strengthen their defenses, including in regions where resources, tooling, or expertise may be limited. For example, in October 2025, Arctic Wolf presented at the 5th International Counter Ransomware Initiative Summit alongside Public Safety Canada, BlackBerry and other members of the advisory panel.
Insights Shared at the 5th International Counter Ransomware Initiative Summit
The event, hosted by the government of Singapore, gave Arctic Wolf the opportunity to present the results of collaborative ransomware research conducted by Arctic Wolf Labs, which incorporated insights from the Arctic Wolf® Aurora Platform, processing over 10 trillion events weekly, including Microsoft and government partners in Brazil, Canada, Singapore, and the United States. With more than 150 international representatives from 60 countries and non-governmental organizations in attendance, the report identified the most common ransomware tools, infrastructure, and exploits used by the most active ransomware groups in the first half of 2025, shedding light on the emerging strategies and tactics cybercriminals are leveraging to target their victims.
With that level of behavioral insight at the global level, national governments and their private sector partners are empowered to not only invest more resources into the fight against ransomware, but to seek earlier detection and stronger mitigation, as well as pursue disruption of multiple threat actors at once, rather than reacting to each group in isolation. Member organizations at the summit agreed that improved information sharing will be paramount to achieving these goals. The public sector and private sector need to work more closely together to thwart emerging threats, and governments need to share best practices with each other to boost the overall resilience of the public sector.
At the end of the summit, the CRI Steering Committee issued a summary, reaffirming a joint commitment to build collective resilience against ransomware threats, support members undergoing ransomware attacks, hold criminal ransomware actors accountable and deny them safe haven, and promote responsible State behavior in cyberspace.
In a threat landscape that is inherently global, public-private collaboration allows knowledge and lessons learned to travel further than any single organization ever could. By identifying critical areas of risk and sharing threat intelligence, both public and private sectors can better defend against ransomware operations. The CRI and the Public-Private Sector Advisory Panel support this type of effective information sharing, strengthening relationships between industry and government, and increasing cyber resiliency to ransomware incidents.
For those of us with front line visibility into how cybercriminals operate, working alongside government and industry partners, policymakers, and law enforcement at the highest level of global influence is not just helpful, it is part of our responsibility to the communities we serve.
Learn more about the Advisory Panel and its members.
And find more information on the latest Counter Ransomware Initiative Summit visit.
