WASHINGTON – Amid an epidemic of ransomware attacks, the U.S. is discussing cybersecurity strategy this week with 30 countries while leaving out one key player: Russia.
The country that, unwittingly or not, hosts many of the criminal syndicates behind ransomware attacks was not invited to a two-day meeting starting Wednesday to develop new strategies to counter the threat.
White House national security adviser Jake Sullivan called it a gathering of “like-minded” governments in agreement on the urgency of the need to protect citizens and businesses from ransomware. “No one country, no one group can solve this problem,” he said in opening remarks.
The virtual discussions will focus in part on efforts to disrupt and prosecute ransomware networks like the one that attacked a major U.S. pipeline company in May, a senior administration official said. The attack on Colonial Pipeline, which led to gas shortages along the East Coast, was attributed to a Russia-based gang of cybercriminals.
The exclusion of a country so closely tied to the global ransomware phenomena reflects the overall poor relations between Moscow and Washington.
Despite that, the U.S. has used a “dedicated channel" to address cybersecurity with Russia, said the official, who briefed reporters on the condition of anonymity to preview this week's meeting with around 30 countries and the European Union.
Since President Joe Biden raised the issue directly with President Vladimir Putin this summer in a summit and later phone call, there have been “candid discussions” about cybercriminals operating within Russia's borders, the official said.
“We’ve had several, and they continue, and we share information regarding specific criminal actors within Russia, and Russia has taken initial steps,” the official said.
It is unclear what steps Putin's government has taken. Russia does not extradite its own citizens, and FBI Deputy Director Paul Abbate told a security forum last month that he has seen “no indication that the Russian government has taken action to crack down on ransomware actors that are operating in the permissive environment that they’ve created there.”
The issue was expected to be on the agenda this week in Moscow as Undersecretary of State Victoria Nuland met for talks with Russian Deputy Foreign Minister Sergei Ryabkov.
The Biden administration took office amid a massive cyberespionage campaign known as the SolarWinds attack, which U.S. officials have linked to Russian intelligence operatives. Ransomware attacks, perpetrated generally by criminal hacker gangs rather than state-sponsored groups, have caused tens of billions of dollars in losses to businesses and institutions and become a major source of tension between the two nations.
Ransomware payments reached more than $400 million globally in 2020 and topped $81 million in the first quarter of 2021, according to the U.S. government.
Actions taken by the Biden administration include imposing sanctions on a Russia-based virtual currency brokerage that officials say helped at least eight ransomware gangs launder virtual currency and issuing security directives that require pipeline companies to improve their cyber defenses.
In addition, the State Department has announced rewards of millions of dollars for information on people who engage in state-sponsored malicious cyber activities aimed at transnational criminal networks that Sullivan said operate “across multiple countries, multiple jurisdictions to carry out their attacks.”
Most of this week's ransomware meeting is expected to be private as participants attend sessions led by India, Australia, Britain and Germany and will focus on themes such as developing resilience to withstand ransomware attacks.
Other participants include Israel, the United Arab Emirates, Bulgaria, Estonia, France, the Dominican Republic, Mexico, New Zealand, Singapore and Kenya.