×

Regional Conference on Ransomware Concludes with Cross-Sector Dialogue

04.12.2025

Image for Regional Conference on Ransomware Concludes with Cross-Sector Dialogue

The Western Balkans Cyber Capacity Centre (WB3C) hosted the regional conference Confronting Ransomware: Analysis and Strategy for the Western Balkans” on 2-3 December 2025. The event served as a platform for structured dialogue among key stakeholders from the region and international partners. The discussions were guided by Vanja Madzgalj, our Senior Project Manager, who served as the conference host, ensuring a cohesive and productive exchange of ideas throughout the two-day programme.

The conference was opened by Mr. Marash Dukaj, Minister of Public Administration of Montenegro who stressed the importance of continued development and collaboration, despite significant progress Montenegro has made over the past few years. The critical role of international cooperation was acknowledged by H.E. Anne-Marie Maskay, Ambassador of France to Montenegro, and H.E. Bernarda Gradišnik, Ambassador of Slovenia to Montenegro, highlighting the partnership that established the WB3C.

Over two days, sessions were designed to address the ransomware challenge from distinct professional viewpoints.

Day 1: Understanding the Threat and Response Mechanisms

  • Panel 1: The Operational Threat Landscape. This session provided a technical and strategic overview of ransomware from national and private sector perspectives.
    • Moderator: Igor Kovač, Government Information Security Office of Slovenia (URSIV).
    • Panelists: Dušan Polović (Ministry of Public Administration, Montenegro), Saimir Kapllani (National Cyber Security Authority, Albania), Predrag Puharić (Cyber Security Excellence Centre, BiH), and Mladen Bukilić (Čikom, Montenegro).
    • Key Discussion: The panel detailed the current scale and methods of attacks, emphasizing the need for shared threat intelligence. They looked at how ransomware has been evolving in the recent years and how governments and private sector are preparing for to prevent and respond growing threats. Disparity in defensive resources, especially sophisticated AI capabilities, affects overall organizational esilience.
  • Panel 2: Law Enforcement Perspective on Cybercriminal Organizations. This panel focused on the investigative viewpoint, examining the structure and operations of ransomware groups.
    • Moderator: Francisco Losada, Cybercrime Specialist, EUROPOL.
    • Panelists: Julien Hamm (Anti-cybercrime Office (OFAC), France), Nenad Bogunović (High-Tech Crime Unit, Ministry of Interior, Serbia), and Sreten Ćorić (High-tech Crime Unit, Police Directorate of Montenegro).
    • Key Discussion: Experts outlined the sophisticated, business-like models of cybercriminal groups. Challenges highlighted included the cross-jurisdictional nature of investigations and the constant evolution of adversarial tactics, which require continuous adaptation and closer international police collaboration.
  • Keynote Presentation: A Law Enforcement Blueprint. Captain Pascal Martin of the French Gendarmerie delivered a keynote address, decrypting a successful operation against a ransomware network. His presentation provided a concrete blueprint for combining digital forensics, international judicial cooperation, and public-private intelligence sharing to achieve tangible results.
  • Case Study: The Private Sector Response. Vladimir Mlynar, CISO for VINCI Energies CEE, presented a detailed case study from the private sector. He walked through the operational timeline of a real-world ransomware incident, offering insights into crisis management, communication challenges, and recovery strategies under pressure.
  • Panel 3: The Legal and Jurisdictional Framework. This discussion explored the judicial and prosecutorial challenges in combating ransomware.
    • Moderator: Ana Bukilić, International Development Law Organisation (IDLO).
    • Panelists: Aurélien Brouillet (Deputy Prosecutor, Judicial Court of Paris), Marina Barbir (Judge, Higher Court of Belgrade), and Ivaylo Iliev (Assistant to the National Member for Bulgaria, EUROJUST).
    • Key Discussion: The conversation centered on the complexities of applying national laws to transnational cybercrime. Key challenges involve harmonizing legal standards for evidence collection, ensuring effective prosecutions, and streamlining formal international cooperation channels to keep pace with the speed of cyber incidents. The need for training in digital forensics for prosecutors and judges was emphasized as key in advancing judicial response in cases involving digital evidence and other sophisticated technologies.  
  • Special Session: Technical and Legal Aspects of Cryptocurrency Seizure. This exchange focused on the financial dimension of ransomware response.
    • Participants: Laurent Tisseyre (TRM Labs) and Dr. Arben Murtezić (Legal Counsel and Law Professor).
    • Key Discussion: The dialogue between a technical analyst and a legal expert underscored the difficulty of tracing and immobilizing illicit cryptocurrency payments. Challenges include the need for specialized blockchain forensic tools and navigating varied national regulations for asset seizure and recovery.

Day 2: Evolving Tactics and Crisis Management

  • Panel 1: The Impact of Artificial Intelligence. This session assessed AI's dual role in both advancing threats and empowering defenses.
    • Moderator: David Toulotte, Cyber reservist, Head of Global IT @ ArcelorMittal Europe.
    • Panelists: Mitja Trampuž (Creaplus/ai4si, Slovenia), Ivan Bošković (IT Advanced Services, Montenegro), and Prof. Dimitar Bogatinov (Military Academy, Skopje).
    • Key Discussion: Panelists explored how AI lowers barriers for executing more persuasive and adaptive attacks. A significant challenge is the rapid adoption of AI systems without corresponding security safeguards, creating new vulnerabilities even as AI offers new tools for cyber defense. Constant advancement of attacks forces defenders to also develop faster. The conclusion of the panel was that AI is here to stay, as one of the greatest inventions of man.
  • Panel 2: Incident Response and Negotiation Dynamics. This panel addressed the critical decision-making processes during an active ransomware attack.
  • Presentation: Resilience at Scale. Jérémy Couture, former Head of Cybersecurity for the Paris 2024 Olympic Games, provided a unique testimony on defending a hyper-complex, global target. His presentation on managing extreme-scale threats and stakeholder coordination offered critical lessons for national and corporate resilience planning.
    • Moderator: Gilles Schwoerer, Head of WB3C.
    • Panelists: Jean-Dominique Nollet (CISO, TotalEnergies) and Captain Pascal Martin (French Gendarmerie).
    • Key Discussion: The session covered the operational, legal, and ethical complexities of ransom negotiations. The main challenges discussed were balancing incident containment, legal obligations, and business continuity under severe pressure, all while coordinating with law enforcement investigations.

The conference facilitated a substantive exchange of perspectives from law enforcement, the judiciary, the private sector, and policy makers. The discussions reinforced that an effective response to ransomware requires continuous, practical collaboration across these sectors and borders, with a focus on addressing shared challenges in capacity, legislation, and joint operations.  The highly engaged audience, whose numerous questions created a dynamic, two-way conversation deepened the value of each session.  We thank all the speakers and participants for their great contribution to this conference and our Project Manager Maja Miranovic for putting together this great event. 

Check out event photos here: 

https://www.jaredic.com/p467614661 (day 1)

https://www.jaredic.com/p549115929 (day 2)

Other news and events
Image for Combatting Disinformation and FIMI
Combatting Disinformation and FIMI

A very productive meeting this morning with the Atlantic Council of Montenegro, led by Mr. Savo Kentera, President and CEO, together with his team Azra Karastanović and Draško Jabučanin. The Western Balkans Cyber Capacity Centre (WB3C) was represented by its Head Gilles Schwoerer and the team: Vanja Madzgalj MBE, Cyril C. and Yannick Casse. 

Building on our previous engagements, including the national Round Table on Critical Infrastructure and the 2BS Forum, WB3C is further strengthening this collaboration to address pressing regional challenges.

Our discussions highlighted significant common interests in two crucial areas: critical infrastructure resilience and countering disinformation and foreign information manipulation and interference (FIMI).

This prospective partnership reflects a shared commitment to strengthening regional security and societal resilience against interference and information manipulation. We look forward to developing concrete actions and contributing meaningfully to these important efforts.

Read More
Image for Developing Future Cyber Talent Through Early Interventions in Schools
Developing Future Cyber Talent Through Early Interventions in Schools

WB3C paid a visit to the Ministry of Education, Science and Innovation this week. We met with the State Secretary Calasan Tatjana to introduce WB3C’s work and share an overview of our plans for 2026, with a focus on education, young people and cooperation with universities. We talked about practical ways to support foundational awareness and cyber skills in schools and development of academic learning pathways such as micro-credentials and new degree programmes in cybersecurity and digital forensics in universities. 

The meeting was also a chance to update the Ministry on how WB3C is developing as an international organization and how our role in Montenegro and the region is growing, as well as to explore how we could work more closely in the future.
We appreciated the open and constructive exchange, and the shared understanding that investing early in digital skills and cyber awareness really matters.
Looking forward to continuing the conversation and building on this momentum.
 

Read More
Image for Cyber Hygiene Training for Ministry of European Affairs of Montenegro
Cyber Hygiene Training for Ministry of European Affairs of Montenegro

Today we start a short CyberHygiene training for colleagues at Montenegro’s Ministry of European Affairs. The training is led by WB3C-s in-house trainers Cyril C. and Yannick Casse.
Over the two days, we will work through the threats civil servants face most often — phishing, malware/ransomware and social engineering — and the practical habits that reduce risk without needing to advance technical skills such as: safer daily practices, data confidentiality and clear incident response basics.
A reminder worth repeating: cyber hygiene is organizational hygiene. Firewalls and policies help, but day-to-day resilience is built in small decisions made across the institution. Every civil servant counts.
A simple checklist that pays off:
⚠️ Pause before you click (especially “urgent” emails)
⚠️ Use strong passwords/passphrases + multi-factor authentication where available
⚠️ Keep devices and apps updated
⚠️ Report suspicious activity early—speed matters

Director Gilles Schwoerer greeted the participants by emphasizing that cybersecurity culture doesn’t start in the IT department, but it starts in each inbox. We are very pleased to welcome the behind-the-scenes force driving Montenegro's successful advancement towards the EU accession and to share that WB3C is expecting its first multi-year EU grant in March this year, aimed at supporting the region in meeting the requirements from the cyber agenda and strengthening its overall resilience, especially its critical infrastructure. We look forward to joining forces with ministries around the region in 2026 - a year expected to bring a dynamic plan of activities.

Read More

Follow us on social media:

Copyright © WB3C

Disclaimer: Translations of the original content written in English into other languages are AI generated by Weglot.