Canada is among 30 countries participating in a two-day virtual counter-ransomware initiative being facilitated by the United States to improve international co-operation in the fight against the malware.
Russia was not one of the countries invited.
Today’s opening session, one of six, is open to the press. The other five closed-door sessions are on national resilience (hosted by India), countering illicit finance (hosted by the U.K.), disruption and other law enforcement efforts (hosted by Australia), and diplomacy (hosted by Germany).
In a briefing to reporters yesterday, the White House said the goals include accelerating co-operation on improving network resilience, addressing the financial systems that make ransomware profitable, disrupting the ransomware ecosystem via law enforcement collaboration, and leveraging the tools of diplomacy to address safe harbors and improve partner capacity.
Participating nations include Australia, Brazil, Bulgaria, Canada, Czech Republic, Dominican Republic, Estonia, the European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, the Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, the UAE, and the U.K.
Asked about Russia’s non-invitation to the event, an unnamed senior White House official told reporters on background that there is a U.S.-Kremlin Experts Group that is directly discussing ransomware and cyber attacks.
In this first round of discussions, the official said, the U.S. did not invite the Russians to participate “for a host of reasons, including various constraints.”
“We do look to the Russian government to address ransomware criminal activity coming from actors within Russia,” the official said. “I can report that we’ve had, in the Experts Group, frank and professional exchanges in which we’ve communicated those expectations. We’ve also shared information with Russia regarding criminal ransomware activity being conducted from its territory. We’ve seen some steps by the Russian government and are looking to see follow-up actions.”
In an email, Chris Painter, former White House senior director for cyber policy and currently president of the Global Forum on Cyber Expertise, said he believes the meeting is an accomplishment that sends a message that fighting ransomware will be an international effort. “I expect this is only the first step of a sustained (and needed) process. Unclear what deliverables will come out but I’d expect some political commitments and maybe some practical initiatives to go after ransomware actors and ensure cryptocurrency providers are following the know your customer and anti-money laundering regulations.”
The meeting comes as Australia proposes cracking down on ransomware, including creating new offences for cyber extortion and targeting critical infrastructure. The government also says it will make it a criminal offence to deal in stolen data and to buy or sell malware for computer crimes.
Also today, VirusTotal, owned by Google’s Chronicle Security unit, said by its count at least 130 different ransomware families were active in 2020 and the first half of 2021. These were grouped into 30,000 clusters of malware that looked and operated in a similar fashion. With 6,000 clusters, GandCrab was the most active family, followed by Babuk, Cerber, Matsnu, Congur, Locky, Teslacrypt, Rkor and Reveon.
“While these big campaigns come and go,” the VirusTotal blog said, “there is a constant baseline of ransomware activity of approximately 100 ransomware families that never stops.”
The global meeting was arranged largely because of U.S. frustration after this year’s ransomware attack on Colonial Pipeline, which sparked panic lineups at East Coast gas stations. The U.S. estimates ransomware payments reached over US$400 million globally in 2020, and topped US$81 million in the first quarter of this year.
The Biden administration has announced specific efforts to encourage resilience in the critical infrastructure sector (which includes utilities and transportation), including voluntary cyber performance goals, classified threat briefings for critical infrastructure executives, and an initiative on improving the cybersecurity of industrial control systems.
Earlier this year, the Ransomware Task Force, a group of experts from 60 technology companies, universities and some international government agencies, issued a sweeping report on fighting ransomware that included a call for an international effort to fight the malware.