U.S. convenes 30 countries on ransomware threat — without Russia or China
Martin Matishak October 13, 2021

U.S. convenes 30 countries on ransomware threat — without Russia or China

Martin Matishak

October 13, 2021

U.S. convenes 30 countries on ransomware threat — without Russia or China

The Biden administration did not invite Russia to participate in the first meeting of a global effort to combat cybercrime, but could welcome the country that has become synonymous with ransomware to future gatherings.

On Wednesday the White House will begin a two-day virtual event with representatives from 30 countries around the world, dubbed the “Counter-Ransomware Initiative.” The forum is meant to strengthen law enforcement cooperation and diplomatic ties against malicious activities, including the misuse of virtual currency to launder ransom payments.

“In this first round of discussions we did not invite the Russians to participate for a host of reasons,” a senior administration official told reporters during a call on Tuesday. “That doesn’t preclude future opportunities for them to participate as we do further sessions.”

The official said there have been “candid and direct” talks within the experts group that was established after President Joe Biden and Russian President Vladimir Putin met earlier this year about what actions Washington expects the Kremlin to take against ransomware gangs operating on its soil.

“We’ve seen some steps by the Russian government and are looking to see follow-up actions,” according to the official, who declined to elaborate. 

A National Security Council spokesperson later told The Record that China — another major U.S. adversary in cyberspace — also was not invited to the assembly.

Earlier this year the administration and Western allies blamed China for a massive breach of Microsoft Exchange email server software and asserted that criminal hackers connected to the country’s government had carried out ransomware attacks. Last week it was reported Biden and Chinese President Xi Jinping had reached an agreement “in principle” to hold a virtual meeting before the end of the year where the topic of cybersecurity could arise.

Ransomware has become a national security threat over the last year following a series of devastating attacks on businesses that operate critical infrastructure, such as the Colonial Pipeline. Biden gave Putin a list of 16 critical infrastructure sectors that are supposed to be off limits to hackers but, after a brief lull, attacks on U.S. targets by organizations known or suspected to be in Russia have ramped up.

Last month a senior FBI official said his agency saw “no indication” Moscow has cracked down on criminal networks within its territory. A week later the Treasury Department imposed sanctions on a cryptocurrency exchange owned by Russian nationals that officials allege helped launder more than $160 million in illicit funds for various ransomware and criminal groups.

The two-day White House event is organized into six sessions, beginning with a public plenary of the gathered representatives, ministers and other officials. Proceedings will then split into four panels, each led by a different country — India on resilience, Australia on disruption of illicit actors and networks, the United Kingdom on virtual currency and Germany on diplomacy — before reconvening Thursday for a final plenary that will summarize the discussions and outline next steps.

The administration official suggested there would be concrete takeaways from the coalition’s meeting but declined to offer any specifics.

The official stressed there would be similar meetings in the future.

“This is not our first international engagement, it won’t be our last,” the official told reporters. The countries that are participating “are not our only valued partners. We look forward to future engagements in collaboration with these and other countries as we expand and accelerate cooperation on this important topic.”

Martin is a cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.