3-4 November 2022, The Hague, Netherlands
International workshop on conducting criminal investigations of ransomware attacks
Cybercrime is a transnational phenomenon, which continues to grow and attract criminals exploiting new opportunities offered by digitalisation and increasing use of the internet in daily life. It has evolved into a significant threat to fundamental rights, democracy and the rule of law, as well as to international peace and stability, and has a major social and economic impact. Cybercrime further increased during the COVID-19 pandemic that forced societies to rely more and more on computer systems to communicate, shop, share and receive information and to telework.
Recent years have seen the rise of ransomware offences as a particularly serious form of cybercrime that is affecting core interests of individuals, businesses and governments. While offenders have committed different forms of cybercrime to extort ransom for decades, more complex forms of ransomware and related offences have emerged over the last ten years because of technology permitting:
- strong but reversible encryption of victims’ computer data or systems;
- use of communication systems that are difficult to trace in order to send requests for ransom payments as well as decryption tools;
- payment of ransom in a manner that is difficult to trace such as through virtual currencies that are easier to obfuscate than traditional fiat currencies.
The “WannaCry” and “NotPetya” attacks of 2016/2017 had global impact. Ransomware offences and ransomware-as-a-service keep increasing in numbers, seriousness and impact. Several ransomware attacks in 2022 affected the critical infrastructure in a number of countries, and in one country a national emergency was declared as a consequence.
Governments all over the world have taken a range of measures to address these challenges, which often include the adoption and amendment of legislation based on the Budapest Convention on Cybercrime and the strengthening of the skills of criminal justice authorities through capacity building activities, including with the support of the Council of Europe.
EUROJUST and the Council of Europe have therefore agreed to organise a joint international workshop on criminal investigations of ransomware attacks. It aims to bring together experts from countries around the world to share information on trends and techniques of ransomware attacks, to exchange experience on tools that are available to investigate and prosecute such offences and to engage in international cooperation.
Eurojust stimulates the coordination of investigations and prosecutions between the competent authorities of different EU Member States, thus increasing efficiency of investigations and enhancing cooperation on cross-border crime, including cybercrime.
The European Union and the Council of Europe assist countries through a range of joint capacity building projects implemented by the Cybercrime Programme Office of the Council of Europe (C-PROC). These projects are aimed primarily at criminal justice authorities of countries committed to complying with the standards of the Budapest Convention on Cybercrime and its protocols.
Opening session
- Margarita Šniutytė-Daugėlienė, Vice President, EUROJUST
- Edvardas Sileris, Head of Department, European Cybercrime Centre, EUROPOL
- Alexander Seger, Head of Cybercrime Programme Office (C-PROC), Council of Europe
Session I - Threats, trends and impact of ransomware attacks
- Edvardas Sileris, Head of Department, European Cybercrime Centre, EUROPOL
- Carlos Castro Sojo, Prosecutor, Public Ministry of Costa Rica
- Edmond Koloshi, Prosecutor, General Prosecutor’s Office, Albania
- Miroslav Turkovic, Special Prosecutor’s Office, Montenegro
Session II - Criminal justice response: criminalisation, procedural powers, investigative tools and instruments and initiatives for cross-border cooperation
- Marian Behn, Police Dusseldorf, Germany
- Alexander Seger, Head of Cybercrime Programme Office (C-PROC), Council of Europe
- Edvardas Sileris, Head of Department, European Cybercrime Centre, EUROPOL
Session III - Conducting criminal investigations of ransomware attacks: lessons learned and best practices
- Paul Johnstone, European Judicial Cybercrime Network’s (EJCN) member, Ireland
- Knut Jostein Sætnan, Police prosecutor and EJCN member, Norway
- Dr Albert Antwi-Boasiako, Acting Director-General of the Cyber Security Authority, Ghana
- Cybercrime Programme Office (C-PROC), Council of Europe
Session IV - Public-private partnership against ransomware attacks
- Catalin Cosoi, Council of Europe expert
- Edvardas Sileris, Head of Department, European Cybercrime Centre, EUROPOL
Session V - Capacity building support to counter ransomware attacks
- Cybercrime Programme Office (C-PROC), Council of Europe
- Ionut Stoica, Head of Cybercrime Academy, CEPOL
- Alexandre Oliveira, Judge, European Judicial Training Network
Closing remarks
- EUROJUST
- Dan Rotenberg, Deputy Head of Unit – Security in the Digital Age, European Commission
- Denise Mazzolani, Programme Manager, Cybercrime Programme Office, Council of Europe
- Session I - Carlos Castro Sojo, Prosecutor, Public Ministry of Costa Rica
- Session I - Edmond Koloshi, Prosecutor, General Prosecutor’s Office, Albania
- Session I - Edvardas Sileris, EUROPOL
- Session I - Miroslav Turkovic, Montenegro
- Session II - Alexander Seger, Council of Europe
- Session II - Edvardas Sileris, EUROPOL
- Session III - Paul Johnstone, European Judicial Cybercrime Network’s (EJCN) member, Ireland
- Session III - Knut Jostein Saetnan, Norway
- Session IV - Edvardas Sileris, EUROPOL
- Session V - Ionut Stoica, Head of Cybercrime Academy, CEPOL
- Session V - Alexandre Oliveira, Judge, European Judicial Training Network