Administration says it has ‘a separate channel’ to discuss ransomware with Russia
President Biden is hosting virtual meetings this week with more than 30 countries to “accelerate cooperation to combat ransomware,” but the White House did not extend an invitation to Russia, senior administration officials said, adding it Given that there is a “separate” between the United States and the Kremlin. channel” where they “actively” discuss the matter.
Senior administration officials said the president’s meetings on Wednesday and Thursday are intended to build on US leadership in rallying allies and partners to address ransomware threats around the world, which officials said were “scale, sophisticated and increasing in frequency” and has afflicted governments, individuals and private companies around the world.
Officials outline the White House’s four-point strategy for tackling ransomware – disrupting ransomware actors; increased resilience to withstand ransomware attacks; Addressing the misuse of virtual currency to legitimize ransomware payments; and leveraging international cooperation to disrupt the ransomware ecosystem.
The participating countries in the virtual meeting are Australia, Brazil, Bulgaria, Canada, Czech Republic, Dominican Republic, Estonia, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, Netherlands, New Zealand, Nigeria, Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, United Arab Emirates, United Kingdom and European Union.
“Russia is not participating at this time,” a senior administration official said, adding that the administration has “a separate channel in which we are actively discussing ransomware” with Russia.
Officials said the president set up a US-Kremlin expert group for the US to engage “directly” on the ransomware issue.
“We look to the Russian government to address ransomware criminal activity coming from actors within Russia,” an official said, adding that the Biden administration has “shared information about criminal ransomware activity from its territory with Russia.” of it.”
“We have seen some steps by the Russian government, and would like to see follow-up action and broader international cooperation is an important line of effort, because these are international criminal organizations,” an official said, adding that “they take advantage of the global infrastructure.” pick up.” and money laundering networks to carry out their attacks.”
Biden raised the issue of ransomware during his summit with Russian President Vladimir Putin in Geneva in June. At the time, Biden said he told Putin that “attacking some critical infrastructure should be out of bounds.” Biden said he defined “16 specific entities as critical infrastructure,” adding that it ranges from energy to water systems.
However, Putin denied during his press conference after the meeting that Russia was responsible for the cyber attacks and instead claimed that most cyber attacks in the world were from the US.
But Biden administration officials stressed Tuesday that working with international partners is imperative to ensure the US can deter attacks, including “the illegal use of virtual currency that actually drives the growth of ransomware.” ”
Last month, the Treasury Department imposed sanctions on virtual currency exchange SUEX OTC, SRO, after it determined that it was “facilitating illicit income-linked transactions” for at least eight ransomware variants.
The Biden administration has explained that some virtual currency exchanges have proven to be a “critical element” for ransomware, as virtual currency “is a major means of facilitating ransomware payments and related money-laundering activities.”
The Treasury Department’s Office of Foreign Asset Control’s designation of SUEX is “the first designation of a virtual currency exchange with complicity in criminal ransomware activity.” The Treasury Department said virtual currency exchanges, such as SUEX, “are critical to the profitability of ransomware attacks, which help fund additional cybercriminal activity.”
“The Treasury will continue to disrupt and hold these entities accountable to reduce the incentives for cybercriminals to perform these attacks,” the Treasury Department said, adding that the designation of SUEX was carried out in coordination with the FBI.
The Biden administration’s effort to bolster cybersecurity comes after a string of ransomware attacks earlier this summer in which foreign malicious actors targeted pieces of critical US infrastructure.
Cyber security official warns of more ransomware attacks
In June, a ransomware attack shut down the US-based meat plants of Brazil-based JBS, the world’s largest meatpacker. The White House said the hack was perpetrated by a criminal group based in Russia.
The attack on JBS comes just weeks after the largest US fuel pipeline, the Colonial Pipeline on the East Coast, was targeted by a criminal group originating in Russia.
Senior administration officials said the overall “optimal” approach is modernizing national defence, the federal government, state and local government and critical infrastructure as well as the broader private sector so that they are “modern enough to meet the threat”. .
In July, President Biden signed a national security memorandum instructing his administration to develop cybersecurity performance goals for critical basic infrastructure In the US – entities such as power utility companies, chemical plants and nuclear reactors.
The memo formally established Biden’s Cyber Security Initiative, a voluntary collaborative effort between the federal government and critical infrastructure entities, to facilitate the deployment of technologies and systems that provide threat visibility indicators and identification. Huh.