The White House National Security Council this week is hosting more than 30 countries in a virtual meeting aimed at “accelerating cooperation” to combat ransomware worldwide, part of the Biden administration’s four-part strategy to contend with cyber-attacks that are frequently carried out by some countries and criminal organizations to profit from shutting down an entity’s information systems until a ransom is paid to allow network operations to resume.
The two days of virtual meetings that run Wednesday and Thursday are part of President Biden’s work to “rally allies and partners to counter the shared threat of ransomware,” a senior administration official said on Tuesday during a background call with media ahead of the event.
The U.S. is leading the meeting initiative but other countries also played key roles in organizing the event, the official said. The meetings include government ministers and senior officials and will focus on four areas, including improving national resilience, led by India, addressing challenges associated with virtual currencies in laundering ransom payments, led by the United Kingdom, disrupting and prosecuting ransomware criminals, led by Australia, and diplomacy and tools to counter ransomware, led by Germany.
The official said the meeting is the “first of many conversations among the international partners participating this week and beyond.”
The meetings this week are expected to result in some sort of deliverable based on preparatory work done leading up to the event but the official said this will be discussed publicly on Thursday after the discussions are completed.
Russia and China are not part of the meeting and the official said that Russia wasn’t invited.
The U.S. and Russia continue to engage in a working group on ransomware activity occurring within Russia, the official said, adding that the U.S. has shared information with Russia on that criminal activity.
“We’ve seen some steps by the Russian government and are looking to see follow-up actions,” the official said. “And broader international cooperation is an important line of effort because these are transnational criminal organization and they leverage global infrastructure money laundering networks to carry out their attacks.”
In addition to the U.S. and the countries leading the four lines of effort, other countries participating are Brazil, Bulgaria, Canada, the Czech Republic, the Dominican Republic, Estonia, the European Union, France, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, South Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, and the UAE.
The Biden administration is pursuing a four-part strategy to coordinate its “whole of government” approach to ransomware, the official said. The first part of the strategy is to “disrupt ransomware infrastructure and actors,” which the U.S. has already been doing through actions such as the FBI’s recovery of a portion of a ransom payment made by Colonial Pipeline earlier this year and the targeting by the Treasury Department of a virtual currency exchange used for laundering ransom payments, the official said.
The second component to the strategy is strengthening resilience to ransomware attacks. Recent examples of this are the Transportation Security Administration’s directives mandating cybersecurity measures for U.S. pipeline operators and other transportation networks and an administration initiative on the cybersecurity of industrial control systems, the official said.
The third part of the strategy is to go after virtual currency exchanges that are laundering ransom payments by “leveraging existing and acquiring new capabilities to trace and interdict ransomware proceeds,” the official said.
The final pillar is leveraging international partners and allies to “disrupt the ransomware ecosystem and address safe harbors for ransomware criminals,” the official said, pointing to this week’s virtual meetings as prime example.