The U.S. is kicking off a two-day ransomware summit with 30 other nations today, part of a broader effort by the Biden administration to marshal an international coalition to harden the global digital ecosystem’s legal and technical infrastructure against the attacks.
There will be six sessions over the two-day summit that looks to address a cyber threat that has disrupted critical operations and siphoned billions of dollars from domestic industries around the world. A senior administration official told reporters Tuesday that the summit will cover “everything from efforts to improve national resilience, to experiences addressing the misuse of virtual currency to launder ransom payments, our respective efforts to disrupt and prosecute ransomware criminals, and diplomacy as a tool to counter ransomware.”
The White House is also keen to present this as an international – as opposed to U.S.-directed – effort. To that end, other countries will lead discussions among leaders for each topic: India will lead the discussion on resilience, Australia on disruption and law enforcement, the UK on abuse of cryptocurrencies and Germany on diplomacy.
They also cast the summit as a starting point for deeper cooperation in the future, with an official calling it “the first of many conversations” they expect to have in the coming months with international partners.
The four topic areas the countries are focused on reflect pressure points on the ransomware ecosystem that U.S. policymakers and law enforcement have been pushing for more than a year.
With governments like Russia unable or unwilling to crack down on ransomware actors within their borders or facilitate extradition, U.S. officials have instead focused on the broader technical and financial infrastructure that many ransomware gangs rely on to carry out their operations. The recent move to levy economic sanctions on Suex, an eastern European cryptocurrency exchange known for facilitating ransomware payments and other cybercrime, is one example of this strategy. Coordinating international law enforcement raids to arrest affiliates and seize servers or other infrastructure used to carry out such attacks, when they are located in a friendly or cooperative country, is another.
The second half of this strategy is squarely focused on fostering improved defenses at home to harden U.S. targets against ransomware and deny cybercriminal gangs the low-hanging fruit they’ve been feasting on in recent years. New cybersecurity regulations imposed on the pipeline, maritime and aviation industries are examples of this approach, as is the recent cybersecurity summit the Biden White House brokered with the tech industry earlier this year, which led to a raft of (promised) investments and initiatives from companies like Amazon, Apple, Google and others to improve cybersecurity and resilience of their products and harden their customers against ransomware and other cyber attacks.
Some countries used the occasion to roll out new or enhanced strategies of their own. The first day of the summit, Australia put out a ransomware action plan that calls for legislative action to “improve the government’s situational awareness,” further criminalize attacks that touch its critical infrastructure and allow law enforcement “to track and seize or freeze their ill-gotten gains.” It also calls for new laws that would impose mandatory incident reporting requirements on industry in the wake of a ransomware attack and a standalone law to capture all forms of cyber extortion.
In the introduction, Karen Andrews, Minister for Home Affairs, said that Australia has seen a 15% increase in reported ransomware attacks over the past year and took a firm position against actions like paying the ransom, a stance that mirrors U.S. policy.
“We need to ensure that Australia remains an unattractive target for criminals and a hostile place for them to target,” Andrews wrote.
According to the White House, the countries involved in the two-day summit include Australia, Brazil, Bulgaria, Canada, Czech Republic, Dominican Republic, Estonia, the EU, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, the Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, the UAE, and the UK.
Not on that list: Russia, the country many cybersecurity experts say is the nexus and home base for many of the biggest ransomware criminal groups. An administration official said they did not invite the nation and noted that a U.S./Kremlin Experts Group established between Presidents Joe Biden and Vladimir Putin offers an opportunity to directly engage with Russia on these topics. The official referenced recent “steps” the Russian government has taken on ransomware that the U.S. is looking for follow-up actions on, but declined to offer more detail when pressed by reporters.
They also didn’t rule out the possibility that Russia could be part of future international gatherings.
“We do look to the Russian government to address ransomware criminal activity coming from actors within Russia. I can report that we’ve had, in the Experts Group, frank and professional exchanges in which we’ve communicated those expectations,” the official said. “We’ve also shared information with Russia regarding criminal ransomware activity being conducted from its territory.”