X
Tech

The White House is having a big meeting about fighting ransomware. It didn't invite Russia

The US hopes an international response can contain cyber attackers looking to make money from encrypting your data.
Written by Liam Tung, Contributing Writer

The White House has held a meeting with ministers and officials from 30 nations and the European Union to discuss how to combat ransomware and other cyber threats. 

The two-day series of meetings aimed to find an answer to ransomware and followed calls from US president Joe Biden for the Kremlin to hold Russia-based ransomware gangs accountable for their file-encrypting attacks, rather than turning a blind eye to them so long as they don't attack Russian organizations.   

Notably absent from the White House-led group was Russia itself, which was not invited. In June, Biden told Russian President Vladimir Putin that 16 US critical infrastructure entities should be off-limits from ransomware attackers operating from Russia. 

SEE: Ransomware attackers targeted this company. Then defenders discovered something curious

The aim of the talks was to figure out an international approach to disrupting and ultimately stopping ransomware attacks. 

In the two days of virtual talks, India led discussions on Thursday about resilience, while Australia focused on how to disrupt cyberattacks. The UK's contribution focused on virtual currency, while Germany discussed diplomacy. Other countries involved included Canada, France, Brazil, Mexico, Japan, Ukraine, Ireland, Israel, and South Africa.

Although Russian officials didn't participate, a White House spokesperson said the US is in ongoing discussions with Russia via the US-Kremlin Experts Group, which is led by the White House, and was established by Biden and Putin. 

One of the most disruptive ransomware attacks on US infrastructure was against Colonial Pipeline, which halted fuel distribution on the US east coast for a week in May. The company reportedly paid the equivalent of $4.4 million in bitcoin for a decryption tool from the attackers.

The FBI blamed the Colonial attack on DarkSide, which went offline shortly afterwards but resurfaced in June, according to FireEye's incident response unit, Mandiant

DarkSide is one of several ransomware gangs operating as a service provider, allowing other criminal gangs to use its software to extort targets. Others, including Revil, steal data and threaten to leak it online if the ransom isn't paid.    

SEE: BYOD security warning: You can't do everything securely with just personal devices

The other major threat Biden has raised concerns nation-state cyber attackers, such as this year's attacks on Microsoft Exchange email servers, which UK and US officials blamed on Chinese state-sponsored hackers, dubbed Hafnium by Microsoft

Microsoft this week reported that Kremlin-backed hackers were by far the most prolific attackers

The message from the White House is that nations need to cooperate to bolster "collective cyber defenses" against criminal and state-sponsored cyberattacks. 

"We've worked with allies and partners to hold nation states accountable for malicious cyberactivity as evidenced by, really, the broadest international support we had ever in our attributions for Russia and China's malicious cyber activities in the last few months," a White House official said at a media briefing. 

Editorial standards