- The Biden administration concluded a 30-nation virtual summit on ransomware Thursday, with a joint call to action that officials hope will gather worldwide support to crack down on malicious cyber activity and the illicit use of cryptocurrency.
- The countries promised to collaborate on intelligence sharing; investigation and prosecution of criminal ransomware gangs; tracing and disruption of illegal funds transfer and money laundering; and diplomatic efforts to root out safe havens for such criminals, according to a joint statement from participating ministers and national representatives.
- The meeting may further isolate ransomware havens like Russia and to a lesser extent China, industry analysts and security researchers said. But some experts are still calling for more robust, open and direct countermeasures to deter rogue nation states from using cybercriminals as geopolitical proxies.
State Department officials have been in direct engagement with their Russian counterparts this week on a variety of issues, including discussions over whether to restore more robust staffing at the diplomatic level.
"Addressing cyber issues, including ransomware criminals, has been consistently high on our agenda with the Russian Federation," State Department spokesman Ned Price said in a Tuesday press briefing. "We have said that Under Secretary [Victoria] Nuland's discussions would center on [the] staffing of our missions in Russia but also address a broad range of bilateral issues."
The State Department would not go into details about what specifically has been discussed, an agency spokesperson said Thursday. But earlier this week administration officials indicated that some progress was being made to get Russian cooperation, however cautioned that U.S. officials were waiting to see more concrete followup activities.
The Biden administration in April enacted a number of sanctions and took other steps against Russia in response to the SolarWinds campaign, Russian interference in the 2020 election and other geopolitical disputes. President Joe Biden personally confronted Russian President Vladimir Putin after the Colonial Pipeline and JBS USA ransomware incidents.
The proliferation of ransomware linked to Russia-backed threat actors has allowed the Kremlin the ability to indirectly target key U.S. industries. But the country can claim it has no direct knowledge or control over what cyber activity takes place.
Within the last few weeks, a series of ransomware attacks have hit the U.S. agricultural and food supply business. At least one of those attacks has been linked to the BlackMatter organization, a group that emerged this summer with what security researchers say are strong ties to the DarkSide organization.
"Collaboration and cooperation are key to defending against destructive threats such as ransomware," Steve Turner, analyst of security and risk at Forrester, said Thursday. "While this summit is only the first of what I'm sure are to be many, it allows the foundation to be laid for future discussions and kickstarting various initiatives."
Getting some non-traditional participants like India, Romania and Ukraine, lined up as partners in the anti-ransomware fight is a good first step, said Jamil Jaffer, SVP at IronNet, and founder and executive director of the National Security Institute at George Mason University.
"At the same time, in order to truly stave off the supply chain and other threats posed by nation-state and criminal actors in the cyber domain, we need to see concrete steps on these commitments, as well as a renewed effort to bring together U.S. and allied companies, industries and governments in a collective defense framework," he said.