Ransomware is expensive. The scourge of malicious software designed to block access to computer systems until money is paid for their release is expected to cost the world an estimated $265 billion annually by 2031. This global problem requires global solutions, which is why the international summit that the White House convened last week should be seen as a welcome start.

President Biden’s administration brought together 36 countries and the European Union for the second round of the Counter Ransomware initiative. This year, the private sector was included, too. The event represents the closest, most concrete collaboration among nations on an issue that none of them can tackle alone. The key to stopping criminal hacking gangs is to turn their trade unprofitable. But these groups won’t decide to retire when their jobs become more difficult in, say, Belgium if they’re still making easy money in Brazil. The good news is, any country’s effective anti-ransomware measures have the potential to help protect all its peers.

This challenge comes in two parts: avoiding attacks and catching attackers. The most obvious thing businesses and governments can do to thwart ransomware groups is to bolster their defenses. Participants in the summit have agreed to create a task force that will put together best practices for shoring up systems generally. The task force will also exchange intelligence on cyberthreats, so that systems will also be better equipped against specific incursions. A vulnerability discovered anywhere, with the right kind of communication, can be patched everywhere. Criminals who hold computers hostage for cash will also be discouraged if they can’t move the money they demand. Hence the summit’s well-placed focus on anti-money-laundering standards for the cryptocurrency ecosystem, including know-your-customer rules.

The cryptocurrency questions require not only potent defenses but also offensive strategies. Ideally, countries will share information about “wallets” that bad actors use to launder their gains, as well as ways to trace stolen funds to ransomware actors’ accounts — with savvier nations instructing the less experienced in how to follow the money.

Perhaps the most important decision from the summit is tucked into a single sentence: Members, the official readout declared, will “work together to increase political costs on countries that harbor and enable ransomware actors.” The statement reveals the inherent challenge that could impede the success of any conference like this. Willing nations have come together to take action, but without some help from the as-yet unwilling, progress will prove difficult. China, Iran, North Korea and especially Russia, as well as others, are known for offering haven to ransomware actors; none of these participated in the summit, and they’re unlikely as well to sign on to any of the more formal multilateral agreements that would enshrine its recommendations.

Last week’s pledge to increase costs on countries that won’t uphold the rule of law was open-ended, but there are plenty of options for carrying it out, from imposing sanctions, to naming and shaming, to quieter, behind-the-scenes cajoling. The job ahead for summit participants isn’t only to hold themselves to account for their commitments, but to hold the rest of the world to account as well.

