Events

Today, December 12th, the Western Balkans Cyber Capacity Centre (WB3C) had the pleasure to host a training on Governing Commercial Cyber Intrusion Capabilities (CCICs). 
Organized by the Ministère des Affaires étrangères français and implemented by Expertise France in the framework of a European Commission subvention under the Multi-Partner Contribution Agreement (MPCA) on Cyber and Artificial Intelligence, this training gathered diverse actors involved in the cybersecurity landscape of the Western Balkans region such as diplomats, magistrates and law enforcement officers to discuss the growing challenge posed by the proliferation and irresponsible use of CCICs. 

Throughout the day, participants deep dived into the characteristics of the CCICs market and exchanged the need for strong governance frameworks:
1)     Assessing the threat and current trends in the global cyber intrusion market.
2)     Decoding the Pall Mall Process: ensuring government responsible use of commercial cyber intrusion capabilities.
3)     National CCIC governance frameworks: sharing of national experiences and identifying challenges and guidance.

Complementary to the other WB3C trainings, this workshop has contributed to advancing responsible governance of CCICs and strengthening accountability in the cyber domain. We thank the speakers Mahé Dersoir (Ministère des Affaires étrangères français), Robert Pellow (Foreign, Commonwealth and Development Office), James Shires and Lena Riecke for their precious contributions and expertise in the subject. 
Moreover, we thank all participants for their active engagement and constructive exchanges, which are essential to continuously improve our collective understanding and oversight of CCICs. 
We are grateful to our local partners Davide Meinero, PhD of the EU Delegation to Montenegro, Melanie Moffat of the British Embassy, Bertrand Baucher of the French Embassy and Gilles Schwoerer, Head of WB3C for supporting this initiative.

Today, we are starting the third cycle of our specialized cybercrime training for 11 new cadets from the Police Academy of Montenegro. This ongoing initiative is building essential skills in digital investigations from the ground up.

The instruction comes directly from the field: our trainers, Yannick Casse and Cyril C. C, are serving officers from the French Gendarmerie and National Police, bringing real-world expertise to every session.
For today's police, digital literacy is as essential as field training. Building skills in OSINT, dark web monitoring and investigation and crypto-tracing isn't about specialization, it's about core competency because effective investigation requires understanding that in today's world evidence is digital, money is crypto and crimes leave traces on servers instead of streets.

The cadets will immerse themselves in digital investigation techniques over the next three days, and to solidify their learning, will conclude with a practical test, assessing their newfound skills in these critical areas.

This Friday, in cooperation with UNDP Kosovo, we completed an intensive training cycle for the Kosovo* Police Cyber Unit. Over the four days, 15 participants engaged deeply with the landscape of modern digital threats.
Our in-house trainers for cyber crime Cyril C. and Yannick Casse prepared a comprehensive curriculum covering the full spectrum: from the hashtag#typologies of cyber-enabled crimes and attacks on data systems to practical sessions in hashtag#OSINT techniques and the evolving challenges of hashtag#cryptocurrency in criminal investigations.
The group was highly committed, proactive and engaged and demonstrated exceptional analytical skills needed for their practical work as investigators.

A sincere congratulations to the entire cohort and thanks to UNDP for their support.

The Western Balkans Cyber Capacity Centre (WB3C) hosted the regional conference “Confronting Ransomware: Analysis and Strategy for the Western Balkans” on 2-3 December 2025. The event served as a platform for structured dialogue among key stakeholders from the region and international partners. The discussions were guided by Vanja Madzgalj, our Senior Project Manager, who served as the conference host, ensuring a cohesive and productive exchange of ideas throughout the two-day programme.

The conference was opened by Mr. Marash Dukaj, Minister of Public Administration of Montenegro who stressed the importance of continued development and collaboration, despite significant progress Montenegro has made over the past few years. The critical role of international cooperation was acknowledged by H.E. Anne-Marie Maskay, Ambassador of France to Montenegro, and H.E. Bernarda Gradišnik, Ambassador of Slovenia to Montenegro, highlighting the partnership that established the WB3C.

Over two days, sessions were designed to address the ransomware challenge from distinct professional viewpoints.

Day 1: Understanding the Threat and Response Mechanisms

• Panel 1: The Operational Threat Landscape. This session provided a technical and strategic overview of ransomware from national and private sector perspectives.
  • Moderator: Igor Kovač, Government Information Security Office of Slovenia (URSIV).
  • Panelists: Dušan Polović (Ministry of Public Administration, Montenegro), Saimir Kapllani (National Cyber Security Authority, Albania), Predrag Puharić (Cyber Security Excellence Centre, BiH), and Mladen Bukilić (Čikom, Montenegro).
  • Key Discussion: The panel detailed the current scale and methods of attacks, emphasizing the need for shared threat intelligence. They looked at how ransomware has been evolving in the recent years and how governments and private sector are preparing for to prevent and respond growing threats. Disparity in defensive resources, especially sophisticated AI capabilities, affects overall organizational esilience.
• Panel 2: Law Enforcement Perspective on Cybercriminal Organizations. This panel focused on the investigative viewpoint, examining the structure and operations of ransomware groups.
  • Moderator: Francisco Losada, Cybercrime Specialist, EUROPOL.
  • Panelists: Julien Hamm (Anti-cybercrime Office (OFAC), France), Nenad Bogunović (High-Tech Crime Unit, Ministry of Interior, Serbia), and Sreten Ćorić (High-tech Crime Unit, Police Directorate of Montenegro).
  • Key Discussion: Experts outlined the sophisticated, business-like models of cybercriminal groups. Challenges highlighted included the cross-jurisdictional nature of investigations and the constant evolution of adversarial tactics, which require continuous adaptation and closer international police collaboration.
• Keynote Presentation: A Law Enforcement Blueprint. Captain Pascal Martin of the French Gendarmerie delivered a keynote address, decrypting a successful operation against a ransomware network. His presentation provided a concrete blueprint for combining digital forensics, international judicial cooperation, and public-private intelligence sharing to achieve tangible results.
• Case Study: The Private Sector Response. Vladimir Mlynar, CISO for VINCI Energies CEE, presented a detailed case study from the private sector. He walked through the operational timeline of a real-world ransomware incident, offering insights into crisis management, communication challenges, and recovery strategies under pressure.
• Panel 3: The Legal and Jurisdictional Framework. This discussion explored the judicial and prosecutorial challenges in combating ransomware.
  • Moderator: Ana Bukilić, International Development Law Organisation (IDLO).
  • Panelists: Aurélien Brouillet (Deputy Prosecutor, Judicial Court of Paris), Marina Barbir (Judge, Higher Court of Belgrade), and Ivaylo Iliev (Assistant to the National Member for Bulgaria, EUROJUST).
  • Key Discussion: The conversation centered on the complexities of applying national laws to transnational cybercrime. Key challenges involve harmonizing legal standards for evidence collection, ensuring effective prosecutions, and streamlining formal international cooperation channels to keep pace with the speed of cyber incidents. The need for training in digital forensics for prosecutors and judges was emphasized as key in advancing judicial response in cases involving digital evidence and other sophisticated technologies.  
• Special Session: Technical and Legal Aspects of Cryptocurrency Seizure. This exchange focused on the financial dimension of ransomware response.
  • Participants: Laurent Tisseyre (TRM Labs) and Dr. Arben Murtezić (Legal Counsel and Law Professor).
  • Key Discussion: The dialogue between a technical analyst and a legal expert underscored the difficulty of tracing and immobilizing illicit cryptocurrency payments. Challenges include the need for specialized blockchain forensic tools and navigating varied national regulations for asset seizure and recovery.

Day 2: Evolving Tactics and Crisis Management

• Panel 1: The Impact of Artificial Intelligence. This session assessed AI's dual role in both advancing threats and empowering defenses.
  • Moderator: David Toulotte, Cyber reservist, Head of Global IT @ ArcelorMittal Europe.
  • Panelists: Mitja Trampuž (Creaplus/ai4si, Slovenia), Ivan Bošković (IT Advanced Services, Montenegro), and Prof. Dimitar Bogatinov (Military Academy, Skopje).
  • Key Discussion: Panelists explored how AI lowers barriers for executing more persuasive and adaptive attacks. A significant challenge is the rapid adoption of AI systems without corresponding security safeguards, creating new vulnerabilities even as AI offers new tools for cyber defense. Constant advancement of attacks forces defenders to also develop faster. The conclusion of the panel was that AI is here to stay, as one of the greatest inventions of man.
• Panel 2: Incident Response and Negotiation Dynamics. This panel addressed the critical decision-making processes during an active ransomware attack.
• Presentation: Resilience at Scale. Jérémy Couture, former Head of Cybersecurity for the Paris 2024 Olympic Games, provided a unique testimony on defending a hyper-complex, global target. His presentation on managing extreme-scale threats and stakeholder coordination offered critical lessons for national and corporate resilience planning.
  • Moderator: Gilles Schwoerer, Head of WB3C.
  • Panelists: Jean-Dominique Nollet (CISO, TotalEnergies) and Captain Pascal Martin (French Gendarmerie).
  • Key Discussion: The session covered the operational, legal, and ethical complexities of ransom negotiations. The main challenges discussed were balancing incident containment, legal obligations, and business continuity under severe pressure, all while coordinating with law enforcement investigations.

The conference facilitated a substantive exchange of perspectives from law enforcement, the judiciary, the private sector, and policy makers. The discussions reinforced that an effective response to ransomware requires continuous, practical collaboration across these sectors and borders, with a focus on addressing shared challenges in capacity, legislation, and joint operations.  The highly engaged audience, whose numerous questions created a dynamic, two-way conversation deepened the value of each session.  We thank all the speakers and participants for their great contribution to this conference and our Project Manager Maja Miranovic for putting together this great event. 

Check out event photos here: 

https://www.jaredic.com/p467614661 (day 1)

https://www.jaredic.com/p549115929 (day 2)

Ransomware continues to pose one of the most serious and persistent cyber threats to institutions and businesses across the Western Balkans. In response to this growing challenge, the Western Balkans Cyber Capacity Centre (WB3C) is hosting a two-day conference that brings together national authorities, law enforcement agencies, EU institutions, the private sector and international experts to examine the evolving threat landscape and identify practical paths forward.

The discussions will follow the structure of the latest published agenda (available below), covering operational, legal, technical and strategic dimensions of ransomware response.

A diverse regional and European expert community

The conference brings together a wide range of contributors, reflecting the cross-sectoral nature of ransomware resilience:

• National cybersecurity authorities, CSIRTs and police high-tech crime units from Montenegro, Albania, Bosnia and Herzegovina, Serbia, and North Macedonia
• European and international law enforcement institutions, including Europol and France’s Anti-Cybercrime Office (OFAC)
• Judicial representatives and prosecutors from France, Serbia, Montenegro and EUROJUST
• Private-sector leaders in cybersecurity, including technical experts, CISOs, SOC practitioners and incident-response specialists from across the region and the EU
• Academic and research communities specialising in cybercrime, digital forensics and AI-enabled cyber threats

Key themes across the two-day programme

The agenda examines several critical aspects of the ransomware ecosystem:

• Mapping current ransomware tactics and regional threat activity
• Understanding criminal group structures, operational models and international cooperation needs
• Lessons learned from high-profile investigations and successful dismantling of ransomware groups
• Comparative legal frameworks and the challenges of jurisdiction, prosecution and evidence handling
• Real-world case studies from organisations that have managed and recovered from ransomware attacks
• Technical and legal issues surrounding cryptocurrency tracing and seizure
• The emerging role of AI in enhancing both attacker capabilities and defensive measures
• Operational insights from securing major international events, including Paris 2024
• The complexities of negotiating under pressure during active ransomware incidents

Through panels, keynotes, and practitioner-to-practitioner exchanges, the event aims to deepen understanding of how ransomware is evolving, where regional vulnerabilities lie, and what coordinated action is needed to strengthen resilience.

WB3C is committed to strengthening cybersecurity capacity across the Western Balkans by connecting national stakeholders with European expertise and by translating insights into practical improvements for public authorities, critical service operators and the wider digital ecosystem.

Access the latest agenda below.

We just closed a three-day training delivered by two excellent experts from GATEWATCHER, 🛡 Philippe G. and Morgan P. — a global leader in Network Detection and Response (NDR) and Cyber Threat Intelligence (CTI). Their support helped bring some of the most advanced NDR and AI-driven investigation practices directly to our local ecosystem.
Over the three days, participants worked hands-on with Gatewatcher’s technology: understanding how the platform detects threats in real time, how to configure it properly, and how AI is reshaping modern cyber-investigation. The sessions were practical, intense and grounded in real SOC challenges.
Our learners came from both private (Čikom) and public sector (Podgorica) SOC teams including Mladen Bukilic, Bojan Nenadic, Bogdan Scekic, Denis Reković, Andja Budimir, Zvonko Popović, Tamara Bulatovic, Branko Sibalic and Balša Božović.

Their engagement and teamwork made the training genuinely productive, the kind of environment where people learn from each other as much as from the instructors.
This initiative was also made possible thanks to Gilles Schwoerer, Head of WB3C, who brought Gatewatcher and our local companies together to enable this exchange of expertise.

Last week, WB3C participated in the 6th Regional Cybersecurity Conference organized by the Montenegrin NGO Secure, contributing to one of the key discussions of this event: “The impact of AI on cybercrime and law enforcement.” The panel was moderated by our Senior Project Manager, Vanja Madzgalj MBE, and brought together perspectives from the public sector, private sector and the international community supporting capacity building in the region.
A central issue emerged throughout the conversation: as organizations increasingly automate their defences, what happens to the human experts? With AI performing threat analysis, pattern detection and other complex tasks, the role of cybersecurity professionals is not disappearing, it is changing. Their new value lies in oversight, critical judgment, strategic decision-making and the ability to understand and manage AI-enabled systems. This raises another pressing question: while organizations are encouraged to adopt AI, how can they protect their sensitive data from the very risks that AI tools themselves may introduce?

The discussion underscored that AI is transforming both sides of the cyber battlefield. Criminals are using it to scale attacks with unprecedented sophistication, while defenders are leveraging it to detect, analyse and respond to threats faster than ever before. This race for the upper hand demands continuous training and upskilling on all fronts: across government, critical infrastructure, law enforcement and society at large.
Panelists Gilles Schwoerer (WB3C), Bojan Miranović (Police Directorate of Montenegro) and Ivan Stankovic (Čikom) highlighted what this means in practice: how law enforcement handles AI-driven cybercrime, the types of training and support frontline teams need, the institutions most at risk and why cross-border and cross-institution cooperation is becoming indispensable.
For WB3C, these insights reinforce the importance of our mission. As AI accelerates both opportunity and risk, the Western Balkans will need strong skills, trusted partnerships and resilient institutions to stay ahead of emerging threats. WB3C remains committed to supporting that effort across the region.

Today, our colleagues Gilles Schwoerer, head of WB3C and Yannick Casse, cybercrime trainer, attended the graduation ceremony of the 17th generation of cadets at the Police Academy in Danilovgrad. What an emotional event filled with pride! This ceremony marked the formal completion of training for a new cohort who will now enter operational roles within the police service. 

WB3C maintains an active partnership with the Police Academy focused on developing practical digital investigation skills. So far, we have delivered two OSINT training cycles for their cadets, with a third planned for December. These trainings, led by our in-house cybercrime trainers Lt. Y. Casse and Brigadier Chief Cyril C., introduce structured methods for identifying, collecting and preserving open-source information for lawful use in investigations. Strengthening digital competencies is crucial for contemporary policing and we look forward to continuing this work with the upcoming training group.

Congratulations to the graduating cadets!

Last week, on 20-21 November, DCAF and the Western Balkans Cyber Capacity Centre (WB3C) had the pleasure of hosting the workshop "Responsible State Behaviour in Cyberspace: International Norms, Venues and Processes."

It was an engaging two days filled with insightful discussions among professionals coming from foreign ministries in the Western Balkans and Moldova.  

The seminar covered the following topics:
✔️ Operationalizing UN norms from the GGE and OEWG into national strategies.
✔️ Navigating the complex landscape of cyber diplomacy across bilateral and multilateral venues.
✔️ A hands-on exercise on national coordination and international cooperation during a cyber crisis.

These conversations are vital for building a more stable and secure cyberspace, and the collaboration seen in Podgorica is a testament to the shared commitment in the region and beyond. The seminar was also attended by our project manager Maja Miranovic, as part of her professional development. WB3C is committed to empowering women in cyber. 

The seminar ended with closing remarks from Franziska Klopfer and Gilles Schwoerer, stressing that the consistent implementation of these norms is the foundation of international stability in cyberspace.