The White House called on Russia to do more to crack down on ransomware groups operating from the country but conceded that Moscow has taken “some steps” after President Joe Biden urged his Russian counterpart to tackle the groups in the summer. A senior administration official told reporters that the US wants to see “follow-up actions” ahead of a 30-country virtual meeting on ransomware that began Wednesday.
The US government has “shared information with Russia regarding criminal ransomware activity being conducted from its territory,” said the official, who spoke on the condition of anonymity under ground rules that the White House set for the call.
“We’ve seen some steps by the Russian government and are looking to see follow-up actions,” said the official, who declined to say what those steps and actions were.
US national security adviser Jake Sullivan kicked off the virtual meeting by telling delegates, “We cannot do this alone.” Sullivan called for more cooperation on ransomware to “hold criminals and the states that harbor them accountable.”
“Transnational criminals are most often the perpetrators of ransomware crimes, and they often leverage global infrastructure and money laundering networks across multiple countries, multiple jurisdictions to carry out their attacks,” Sullivan said.
A spokesperson for the Russian Embassy in Washington did not respond to a request for comment.
Biden in June urged Russian President Vladimir Putin to crack down on Russian-speaking hackers after a string of ransomware attacks cost US companies millions of dollars. One such incident forced Colonial Pipeline, which provides some 45% of fuel for the East Coast, to shut down operations for days in May.
The disruptions have placed cybersecurity, and ransomware in particular, high on the list of national security priorities for the White House.
Senior government officials from the US and 30 allied countries are meeting virtually Wednesday and Thursday to forge closer cooperation in the fight against ransomware, which has knocked computers offline at health care centers in multiple countries during the coronavirus pandemic.
Australia, France, Germany and the United Kingdom are among the countries represented at the meetings, according to the White House. The discussions are focusing on efforts to prosecute and disrupt ransomware groups and on dealing with the role of cryptocurrency in funding ransomware attacks, among other issues.
Russia is conspicuously absent from the meetings as the White House tries to make progress in bilateral talks with Moscow.
Since the Biden-Putin meeting, US officials have watched closely for changes in behavior from the Russian government and for any change in the pace of cybercriminal operations emanating from Russia.
Mandiant, a US cybersecurity firm that responds to ransomware incidents, has reported a lull in activity from some ransomware groups. But whether any reduction in ransomware attacks endures remains to be seen.
A spokesperson for Recorded Future, another cybersecurity firm, told CNN that the firm has been tracking a “Russian-based ransomware group that currently has over 100 members” and is “actively recruiting new cybercriminals.”
Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency, said last week that she had not seen “significant, material changes” in Russian behavior since the tete-a-tete between Biden and Putin.
Cybersecurity analysts say one of the most effective ways to combat ransomware is to arrest the people who develop and deploy the computer-locking software. While Russian cooperation has been elusive, the US has leaned heavily on allies in Europe in raids against some criminal groups.
The FBI and European enforcement agencies last month arrested two people in Ukraine who allegedly had made multimillion-dollar ransom demands following hacks of European and US organizations.
Timo Koster, a former Dutch diplomat focused on cybersecurity, said he expects countries like the US and the Netherlands to encourage other governments to take more assertive actions against cybercriminal groups.
“More international cooperation is needed” in coordinating how countries attribute cyberattacks to specific actors and on responses from law enforcement and security agencies, Koster told CNN.