Dive Brief:
- White House officials are expected to provide an update Thursday on new international cooperation designed to fight the proliferation of ransomware. Allies from across the globe convened virtually on Wednesday to develop a multi-pronged strategy to combat the growing threat.
- Russia was noticeably left out of the 30-nation virtual event, but a senior State Department official is meeting directly with Russian counterparts on the issue this week, according to senior administration officials who previewed the summit.
- The Biden administration has previously engaged Russia on some of these issues through the U.S.-Kremlin Experts Group and shared information on criminal ransomware activity taking place in its borders, senior administration officials said. Officials confirmed Russia has taken some steps to combat the activity but said the administration was still looking for follow-up actions. Beyond that, international cooperation was still needed to further mitigate the threats.
Dive Insight:
The summit is taking place amid a recent resurgence of shadowy ransomware activity led primarily by newly formed groups industry analysts and security researchers consider as offshoots of some of the world's most active organizations.
In late spring, the Biden adminstration began an effort to crack down on malicious ransomware activity following the attacks on Colonial Pipeline in May and the JBS USA meat processing incident that followed the Memorial Day holiday weekend.
Biden drew a red line around attacks that threatened key U.S. critical infrastructure targets. The administration made implicit threats that the U.S. maintained the right to unleash its own strategic cyber capabilities against overseas targets if the ransomware attacks continued.
In addition to Russia, China and North Korea — two other leading nation-state actors suspected of ransomware involvement — were left out of the summit too, according to officials.
"In security, the community is everything," said Allie Mellen, analyst at Forrester Research. "Hosting the summit is a valuable step not only in highlighting the challenges we have facing ransomware but also working towards more comprehensive solutions."
The discussions at the summit center around four main areas, according to Katell Thielemann, research VP at Gartner, including:
- Developing resilience to combat ransomware
- Combating the use of cryptocurrency as an enabler of ransomware activity
- How to disrupt ransomware activity
- Using diplomacy to combat ransomware
Beyond the other key countries left outside the virtual event, the private sector was not given a seat at the table either. The larger effort to combat ransomware should be seen through a wider lens as the beginning of a longer term project, according to Thielemann.
"This problem is thorny, messy, ever-changing and will likely get worse before it gets better," Thielemann said. "But at the very least, this summit sends the message that the 'coalition of the willing' global community is starting to come together."