More than 30 countries will come together this week to discuss combating ransomware attacks around the world, for the start of an international initiative led by the United States and a new White House effort that follows some high profile cybersecurity breaches this year.
The new initiative begins with virtual meetings Wednesday and Thursday, which are meant to be the first in a series of international engagements on cybersecurity, a senior administration official said.
But one key country was not invited: Russia. The nation is believed to be home to several known cybercriminal groups, including DarkSide, the organization identified by the FBI as responsible for the attack on the U.S.-based Colonial Pipeline in May. The cyberattack led to widespread gas shortages and panic buying – the company eventually paid a nearly $5 million ransom to the attackers, though the Department of Justice recovered a portion of the payment.
However, a senior administration official noted that the U.S. remains directly engaged with Russia on ransomware issues through other channels, including one established by President Joe Biden and Russian President Vladimir Putin in their first meeting over the summer.
“We do look to the Russian government to address ransomware criminal activity coming from actors within Russia,” the official said, later adding: “Russia has taken initial steps.”
Still, it’s unclear if Russia will be invited to future meetings of the new counter-ransomware initiative or how they will be incorporated into the unified efforts to fight ransomware attackers.
The discussions launching Wednesday include four main topics: readying countries to respond to attacks, addressing the use of virtual currency to make ransom payments, ways to disrupt and prosecute cybercriminals and the use of diplomacy to counter ransomware attacks.
While the gathering this week is facilitated by the U.S., a few countries will lead sessions: the United Kingdom, Australia, India and Germany.
“Cybersecurity poses one of the greatest challenges facing our nation,” Department of Homeland Security Secretary Alejandro Mayorkas said last week in a speech to an annual summit hosted by cybersecurity company Billington.
A senior official who helped arrange the new talks starting Wednesday said they were “very hopeful” about the international collaboration and its potential outcomes.
Another top official, Deputy Attorney General Lisa Monaco, wrote in an op-ed last week that Congress also needs to do more to require reporting of ransomware attacks, in order to aid law enforcement in handling them and preventing future ones.
“The ransomware attack on Colonial Pipeline should have been a wakeup call for America,” Monaco wrote, pointing out others in the months that followed, such as the attack on JBS, the world’s largest meat supplier, which resulted in an $11 million payment.
“This string of attacks illustrates the surge in ransomware and digital extortion attacks over the last several years,” she added. “More needs to be done. Cybercriminals have increased the scale, scope and impact of their nefarious efforts. The simple fact is we cannot go at this problem alone.