Confronting Ransomware: Analysis and Strategy for the Western Balkans 2–3 December 2025 | Science and Technology Park of Montenegro

02.12.2025

Ransomware continues to pose one of the most serious and persistent cyber threats to institutions and businesses across the Western Balkans. In response to this growing challenge, the Western Balkans Cyber Capacity Centre (WB3C) is hosting a two-day conference that brings together national authorities, law enforcement agencies, EU institutions, the private sector and international experts to examine the evolving threat landscape and identify practical paths forward.

The discussions will follow the structure of the latest published agenda (available below), covering operational, legal, technical and strategic dimensions of ransomware response.

A diverse regional and European expert community

The conference brings together a wide range of contributors, reflecting the cross-sectoral nature of ransomware resilience:

National cybersecurity authorities, CSIRTs and police high-tech crime units from Montenegro, Albania, Bosnia and Herzegovina, Serbia, and North Macedonia
European and international law enforcement institutions, including Europol and France’s Anti-Cybercrime Office (OFAC)
Judicial representatives and prosecutors from France, Serbia, Montenegro and EUROJUST
Private-sector leaders in cybersecurity, including technical experts, CISOs, SOC practitioners and incident-response specialists from across the region and the EU
Academic and research communities specialising in cybercrime, digital forensics and AI-enabled cyber threats

Key themes across the two-day programme

The agenda examines several critical aspects of the ransomware ecosystem:

Mapping current ransomware tactics and regional threat activity
Understanding criminal group structures, operational models and international cooperation needs
Lessons learned from high-profile investigations and successful dismantling of ransomware groups
Comparative legal frameworks and the challenges of jurisdiction, prosecution and evidence handling
Real-world case studies from organisations that have managed and recovered from ransomware attacks
Technical and legal issues surrounding cryptocurrency tracing and seizure
The emerging role of AI in enhancing both attacker capabilities and defensive measures
Operational insights from securing major international events, including Paris 2024
The complexities of negotiating under pressure during active ransomware incidents

Through panels, keynotes, and practitioner-to-practitioner exchanges, the event aims to deepen understanding of how ransomware is evolving, where regional vulnerabilities lie, and what coordinated action is needed to strengthen resilience.

WB3C is committed to strengthening cybersecurity capacity across the Western Balkans by connecting national stakeholders with European expertise and by translating insights into practical improvements for public authorities, critical service operators and the wider digital ecosystem.

Access the latest agenda below.

Downloads:

Ransomware-Conference-Agenda.pdf

Other news and events

Second Cybersecurity Diploma Prep Course Completed

Our second Prep Course cohort (December) led by Ljuban Petrovic just finished two intense weeks of learning, practice and assessment. These ICT students showed up with curiosity and ambition to build their future career in cybersecurity field.

Now, the bigger picture:

We’ve completed two Prep Course cohorts (November + December), with 18 students in total from the Western Balkans. They have already taken the final test, and the final selection will be made in January for the free Cybersecurity University Diploma starting in February 2026, delivered by WB3C in cooperation with the Université de Technologie de Troyes (UTT).

What makes this course unique is that it’s not “just another training.” It’s a real academic pathway that helps students build lasting qualifications and it sits alongside our year round short courses as part of a wider talent strategy.

What this diploma prepares students for (entry roles):
🛡️ Security Administrator
🧠 SOC Analyst (Junior)
🧪 Junior Penetration Tester
🔍 Digital Forensics Technician
✅ Cybersecurity Auditor (Junior)

What happens next:

📝 January: final selection
🎓 February 2026: one-year long diploma course starts

Our cooperation with universities is an investment in long-term cybersecurity workforce development and we have more plans for the future how to make these courses available to more people in the region.

Governing Commercial Cyber Intrusion Capabilities (CCICs)

Today, December 12th, the Western Balkans Cyber Capacity Centre (WB3C) had the pleasure to host a training on Governing Commercial Cyber Intrusion Capabilities (CCICs).
Organized by the Ministère des Affaires étrangères français and implemented by Expertise France in the framework of a European Commission subvention under the Multi-Partner Contribution Agreement (MPCA) on Cyber and Artificial Intelligence, this training gathered diverse actors involved in the cybersecurity landscape of the Western Balkans region such as diplomats, magistrates and law enforcement officers to discuss the growing challenge posed by the proliferation and irresponsible use of CCICs.

Throughout the day, participants deep dived into the characteristics of the CCICs market and exchanged the need for strong governance frameworks:
1)     Assessing the threat and current trends in the global cyber intrusion market.
2)     Decoding the Pall Mall Process: ensuring government responsible use of commercial cyber intrusion capabilities.
3)     National CCIC governance frameworks: sharing of national experiences and identifying challenges and guidance.

Complementary to the other WB3C trainings, this workshop has contributed to advancing responsible governance of CCICs and strengthening accountability in the cyber domain. We thank the speakers Mahé Dersoir (Ministère des Affaires étrangères français), Robert Pellow (Foreign, Commonwealth and Development Office), James Shires and Lena Riecke for their precious contributions and expertise in the subject.
Moreover, we thank all participants for their active engagement and constructive exchanges, which are essential to continuously improve our collective understanding and oversight of CCICs.
We are grateful to our local partners Davide Meinero, PhD of the EU Delegation to Montenegro, Melanie Moffat of the British Embassy, Bertrand Baucher of the French Embassy and Gilles Schwoerer, Head of WB3C for supporting this initiative.

Darkweb, Crypto and OSINT Training for Police Academy Montenegro

Today, we are starting the third cycle of our specialized cybercrime training for 11 new cadets from the Police Academy of Montenegro. This ongoing initiative is building essential skills in digital investigations from the ground up.

The instruction comes directly from the field: our trainers, Yannick Casse and Cyril C. C, are serving officers from the French Gendarmerie and National Police, bringing real-world expertise to every session.
For today's police, digital literacy is as essential as field training. Building skills in OSINT, dark web monitoring and investigation and crypto-tracing isn't about specialization, it's about core competency because effective investigation requires understanding that in today's world evidence is digital, money is crypto and crimes leave traces on servers instead of streets.

The cadets will immerse themselves in digital investigation techniques over the next three days, and to solidify their learning, will conclude with a practical test, assessing their newfound skills in these critical areas.