The White House has held a meeting with ministers and officials from 30 nations and the European Union to discuss how to combat ransomware and other cyber threats.
The two-day series of meetings seeks to find an answer to ransomware and follows calls from US president Joe Biden for the Kremlin to hold Russia-based ransomware gangs accountable for their file encrypting attacks, rather than turning a blind eye to them so long as they don’t attack Russian organizations.
Notably absent from the White House-led group was Russia itself, which was not invited. In June Biden told Russian President Vladimir Putin that 16 US critical infrastructure entities should be off-limits from ransomware attackers operating from Russia.
The aim of the talks is to figure out an international approach to disrupting and ultimately stopping ransomware attacks.
In the two days of virtual talks, India will lead discussions on Thursday about resilience, while Australia is focusing on how to disrupt cyberattacks. The UK’s contribution focused on virtual currency, while Germany discussed diplomacy. Other countries involved include Canada, France, Brazil, Mexico, Japan, Ukraine, Ireland, Israel, South Africa.
Although Russian officials didn’t participate, a White House spokesperson said the US is in ongoing discussions with Russia via the US-Kremlin Experts Group, which is led by the White House, and was established by Biden and Putin.
One of the most disruptive ransomware attacks on US infrastructure was against Colonial Pipeline, which halted fuel distribution on the US east coast for a week in May. The company reportedly paid the equivalent of $4.4 million in bitcoin for a decryption tool from the attackers.
The FBI blamed the Colonial attack on DarkSide, which went offline shortly afterwards but resurfaced in June, according to FireEye’s incident response unit, Mandiant.
DarkSide is one of several ransomware gangs operating as a service provider, allowing other criminal gangs to use its software to extort targets. Others, including Revil, steal data and threaten to leak it online of the ransom isn’t paid.
The other major threat Biden has raised concerns about is nation-state cyberattackers, such as this year’s attacks on Microsoft Exchange email servers that UK and US officials blamed on Chinese state-sponsored hackers, dubbed Hafnium by Microsoft.
Microsoft this week reported that Kremlin-backed hackers were by far the most prolific attackers.
The message from the White House is that nations need to cooperate to bolster “collective cyber defenses” against criminal and state-sponsored cyber attacks.
“We’ve worked with allies and partners to hold nation-states accountable for malicious cyberactivity as evidenced by, really, the broadest international support we had ever in our attributions for Russia and China’s malicious cyber activities in the last few months,” a White House official said at a media briefing.
