
Confronting Ransomware: Analysis and Strategy for the Western Balkans 2–3 December 2025 | Science and Technology Park of Montenegro

02.12.2025


Ransomware continues to pose one of the most serious and persistent cyber threats to institutions and businesses across the Western Balkans. In response to this growing challenge, the Western Balkans Cyber Capacity Centre (WB3C) is hosting a two-day conference that brings together national authorities, law enforcement agencies, EU institutions, the private sector and international experts to examine the evolving threat landscape and identify practical paths forward.

The discussions will follow the structure of the latest published agenda (available below), covering operational, legal, technical and strategic dimensions of ransomware response.

A diverse regional and European expert community

The conference brings together a wide range of contributors, reflecting the cross-sectoral nature of ransomware resilience:

  • National cybersecurity authorities, CSIRTs and police high-tech crime units from Montenegro, Albania, Bosnia and Herzegovina, Serbia, and North Macedonia
  • European and international law enforcement institutions, including Europol and France’s Anti-Cybercrime Office (OFAC)
  • Judicial representatives and prosecutors from France, Serbia, Montenegro and EUROJUST
  • Private-sector leaders in cybersecurity, including technical experts, CISOs, SOC practitioners and incident-response specialists from across the region and the EU
  • Academic and research communities specialising in cybercrime, digital forensics and AI-enabled cyber threats

Key themes across the two-day programme

The agenda examines several critical aspects of the ransomware ecosystem:

  • Mapping current ransomware tactics and regional threat activity
  • Understanding criminal group structures, operational models and international cooperation needs
  • Lessons learned from high-profile investigations and successful dismantling of ransomware groups
  • Comparative legal frameworks and the challenges of jurisdiction, prosecution and evidence handling
  • Real-world case studies from organisations that have managed and recovered from ransomware attacks
  • Technical and legal issues surrounding cryptocurrency tracing and seizure
  • The emerging role of AI in enhancing both attacker capabilities and defensive measures
  • Operational insights from securing major international events, including Paris 2024
  • The complexities of negotiating under pressure during active ransomware incidents

Through panels, keynotes, and practitioner-to-practitioner exchanges, the event aims to deepen understanding of how ransomware is evolving, where regional vulnerabilities lie, and what coordinated action is needed to strengthen resilience.

WB3C is committed to strengthening cybersecurity capacity across the Western Balkans by connecting national stakeholders with European expertise and by translating insights into practical improvements for public authorities, critical service operators and the wider digital ecosystem.

Access the latest agenda below.


Upcoming
Regional Conference on Foreign Information Manipulation and Interference and Disinformation

This regional conference, intended for governments, media and civil society, brings diverse perspectives on the growing hybrid threats of fake news, disinformation, and manipulative and malign narratives that have the power to undermine democratic processes, trust in media and institutions, and overall societal resilience and cohesion. Understanding, detecting, preventing, responding to, debunking, investigating and prosecuting such manipulations will be the task of our panels, case studies and interactive exercises, which are aimed at supporting governments and societies in tackling this challenge. The conference will feature 30 prominent speakers from the EU and the WB region from various departments, sectors and industries.

CTI for Critical Infrastructure Training Completed

Last week at WB3C, we wrapped up a four-day training on Cyber Threat Intelligence (CTI) focused on the energy sector and government infrastructure, led by Ljuban Petrovic.

Working with SOC, CSIRT and CERT teams from across the region, the training reinforced a simple point: CTI only matters when it informs decisions. When it helps prioritise. When it changes how teams prepare and respond.
The sectoral focus proved its value. Energy infrastructure comes with its own risk landscape, and the discussions reflected that reality—specific, operational, and directly relevant.

We are continuing this work in September, building on what started here.
Because strengthening resilience is not a one-off effort. It is something that develops over time, through practice, exchange, and trust. 

What is Cyber Threat Intelligence (CTI) — and why does it matter?

Simply put, CTI is about turning information into insight, before a threat happens.

Not just collecting data on threats, but understanding who is behind them, how they operate, and what that means for your own systems.
Without that understanding, cybersecurity remains reactive. With it, organisations can anticipate, prioritise and respond with purpose.

Next week at WB3C, we will be running a four-day regional training on Cyber Threat Intelligence (CTI).
The training is designed for SOC, CSIRT and CERT teams, as well as IT professionals working within critical entities—specifically the energy sector. The choice is deliberate.

We are taking a sectoral approach to cybersecurity capacity building. Because threats are not abstract—they target specific systems, infrastructures and vulnerabilities. And the energy sector, as a backbone of economic and societal stability, requires tailored, operationally relevant skills that reflect its real risk landscape.
Over four days, participants will cover:
💡 understanding CTI in the context of critical infrastructure
💡 analysing threats and assessing their impact
💡 translating intelligence into actionable outputs

All week, we will be working closely with cybersecurity professionals from across the region’s energy sector—moving from concepts to application, and building capabilities that can directly support operational decision-making.
This is where CTI becomes operational. Protecting our energy infrastructure means protecting our economy, our security and our livelihood.


