10/24/2025 | Press release | Distributed by Public on 10/24/2025 05:45
The CRI Summit was first held in 2021, whilst the world was still battling the Covid pandemic. There were just over 30 founding members, comprising diplomats, law enforcement officials, policymakers, financial regulators, and cybersecurity practitioners. Before the CRI, there was no dedicated multilateral platform to tackle the ransomware threat. A key driving force was US leadership. It was pivotal in mobilising countries to come together to tackle this common security threat.
Another important factor was the CRI's inclusive, big-tent approach. It was decided early that membership was not a matter of ideology. Rather, the CRI would welcome any country prepared to hold ransomware actors accountable and deny them safe harbour. This decision has been fundamental to the CRI's effectiveness.
Today, with 74 members, the CRI has evolved into a more structured platform. It has four pillars - Diplomacy, Operations, Policy, and - for the first time this year - Private Sector participation.
Ransomware is a grave and escalating threat to our national security and economy
The work of the CRI remains of vital importance. This is because ransomware threats have become so pervasive that they now pose a real challenge to our economies and national security.
Consider this: over 5,700 ransomware cases have been recorded globally from January through September this year. That means a ransomware case every one hour and eight minutes somewhere in the world.
However, the beginnings of ransomware were less dramatic. You may recall the first widely documented attack that occurred in 1989, when a Trojan was distributed via floppy disk at the World Health Organisation's AIDS Conference. The malware would encrypt files, and demands for payment followed. While notable, the attack was primitive and limited in its impact.
Fast-forward to May 2021, when the world woke up to news about Colonial Pipeline. A single ransomware attack had shut down the largest fuel pipeline system in the United States for six days. Panic buying. Fuel shortages. Economic disruption. This was no longer just a domestic criminal issue - it had become a national security threat.
In June last year, the Qilin ransomware gang attacked Synnovis, a pathology supplier to major NHS Trusts in the United Kingdom. As a result, over 3,300 outpatient appointments and more than 1,200 elective procedures had to be postponed in the first month alone. Patients could not get the care they needed, and lives were put at risk.
Despite the high stakes, the ransomware challenge is a wicked problem with no easy solutions.
First, the criminals are hard to identify, track, and apprehend. They hide behind layers of anonymity, operate across borders, and funnel their ill-gotten profits through cryptocurrency mixers.
Second, victims face a difficult dilemma. Many do not want to pay the ransom. But when their entire business or people's lives hang in the balance, they may feel there is no alternative. And yet, payment may not guarantee an end to their woes. Further, it will fuel the illicit industry.
Third, we're no longer fighting individual criminals. There is now a thriving transnational ecosystem comprising Ransomware-as-a-Service, affiliate networks, and money laundering operations. With a small monthly fee, one can buy access to ransomware kits that could yield millions in ransom.
What's more, these three factors amplify and reinforce each other.
The international community must band together to fight the scourge of ransomware threats
Against such adversaries, the international community must band together.
Through the CRI, we have developed a common stance. For example, the 2023 Joint Statement Discouraging the Payment of Ransom to Ransomware Actors was the first time the international community had declared that "member governments should not pay ransoms", sending a clear, unified signal to ransomware threat actors worldwide.
We have also deepened our collective understanding of the threat. More attention is now being paid to upstream issues, such as conducting research to deepen our understanding of the drivers behind the ransomware ecosystem, as well as sharing best practices in legal and regulatory measures.
Table-top Exercises (TTX) have helped member States to identify gaps in their responses to ransomware incidents. And there have been efforts to provide practical tools, such as the 2024 UK-Singapore-led Guidance Document on steps organisations can take if they are hit by a ransomware incident.
Last but not least, the Private Sector Engagement Working Group (PSEWG) Pillar, chaired by Canada, was established in 2024, bringing on board a crucial partner in the fight against ransomware.
The CRI is growing and maturing, and we must ensure it continues to remain effective
As the CRI continues to grow, we must ensure it remains relevant and effective. I would like to offer three suggestions on how we can do so.
First, the CRI should stay focused on dismantling criminal operations in ransomware. We should not allow ransomware criminals to exploit differences in political points of view or gaps in enforcement across borders.
Second, we should address practical challenges. This means better intelligence sharing, deeper operational collaboration, and systematic sharing of best practices to level up our collective capabilities.
Third, we must remain nimble. This may involve reviewing the structure of the CRI to keep it impactful. For example, striking a balance between maintaining institutional continuity and providing flexibility for smaller groups to lead initiatives.
Singapore is committed to supporting these efforts. We will continue to lend momentum to the CRI, and we stand ready to work with colleagues to help the CRI grow stronger, and not just larger.
To conclude, the CRI represents our collective resolve against the global scourge of ransomware.
No country, no matter their capabilities or experience, can combat this wicked problem effectively by going alone.
Through the success of the CRI and through our efforts in international partnerships, we safeguard not only our own infrastructure, but the future of our shared digital ecosystem.
Once again, I thank you all for your presence here today, and wish you fruitful discussions.