The White House National Security Council facilitates virtual meetings this week with senior officials and ministers from more than 30 countries in a virtual international counter-ransomware event to rally allies in the fight against the ransomware threat.
Publicly disclosed ransomware payments have reached more than $400 million globally in 2020 and over $81 million in the first quarter of 2021, according to a fact sheet published today by the White House.
International counter-ransomware virtual meetings
President Joe Biden announced on October 1 that the U.S. would bring together allies and partners from 30 countries to join efforts to crack down on ransomware groups behind a barrage of attacks impacting organizations worldwide.
The Counter-Ransomware Initiative meetings come in response to ongoing attacks, including ransomware attacks on Colonial Pipeline, JBS Foods, and Kaseya in the U.S., which have revealed significant vulnerabilities across critical worldwide infrastructure.
“We’re hosting — we’re facilitating a virtual meeting. It’ll be joined by ministers and senior officials from over 30 countries and the European Union to accelerate cooperation to counter ransomware,” a senior administration official told reporters in a background press call today.
“The Counter-Ransomware Initiative will meet over two days, and participants will cover everything from efforts to improve national resilience, to experiences addressing the misuse of virtual currency to launder ransom payments, our respective efforts to disrupt and prosecute ransomware criminals, and diplomacy as a tool to counter ransomware.”
The areas that will be covered during this week’s meetings (national resilience, countering illicit finance, disruption, and diplomacy) line up with the Biden Administration’s counter-ransomware endeavors, which are organized along four different lines of effort:
- Disrupt Ransomware Infrastructure and Actors: The Administration is bringing the full weight of U.S. government capabilities to disrupt ransomware actors, facilitators, networks, and financial infrastructure;
- Bolster Resilience to Withstand Ransomware Attacks: The Administration has called on the private sector to step up its investment and focus on cyber defenses to meet the threat. The Administration has also outlined the expected cybersecurity thresholds for critical infrastructure and introduced cybersecurity requirements for critical transportation infrastructure;
- Address the Abuse of Virtual Currency to Launder Ransom Payments: Virtual currency is subject to the same Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) controls applied to fiat currency, and those controls and laws must be enforced. The Administration is leveraging existing capabilities and acquiring innovative capabilities to trace and interdict ransomware proceeds; and
- Leverage International Cooperation to Disrupt the Ransomware Ecosystem and Address Safe Harbors for Ransomware Criminals: Responsible states do not permit criminals to operate with impunity from within their borders.
As part of this ongoing fight against ransomware cybercrime groups, President Biden also issued a U.S. security memorandum to bolster critical infrastructure cybersecurity by setting baseline performance goals for owners and operators.
Deputy National Security Advisor Anne Neuberger told U.S. businesses to take ransomware seriously after the Colonial Pipeline and JBS ransomware attacks.
White House Press Secretary Jen Psaki added that the U.S. administration will take action against ransomware groups operating within Russia’s borders if “the Russian government cannot or will not.”
In July, Interpol also urged police agencies and industry partners worldwide to fight together against the ransomware threat after G7 leaders asked Russia to disrupt Russian-based ransomware gangs within its borders.
Russia and China left out
Even though Moscow and Washington have managed to resume cooperation in several areas, which led to several hits on Evil Corp., TrickBot, and REvil gangs, according to Kommersant, Russia and China were not invited to this week’s counter-ransomware meetings.
“We’ve worked with allies and partners to hold nation-states accountable for malicious cyberactivity as evidenced by, really, the broadest international support we had ever in our attributions for Russia and China’s malicious cyber activities in the last few months,” the official added.
“The Experts Group continues to meet to address the ransomware threat and to press Russia to act against criminal ransomware activities emanating from its territory. In this first round of discussions, we did not invite the Russians to participate for a host of reasons, including various constraints.”
The official also said that the Biden admin has observed the Russian government taking steps towards cracking down on ransomware gangs active on its territory, with more results and follow-up actions being expected.
“We do look to the Russian government to address ransomware criminal activity coming from actors within Russia. I can report that we’ve had, in the Experts Group, frank and professional exchanges in which we’ve communicated those expectations.
“We’ve also shared information with Russia regarding criminal ransomware activity being conducted from its territory. We’ve seen some steps by the Russian government and are looking to see follow-up actions.”