When the White House convenes a summit on countering ransomware Wednesday, 30 nations will join the United States to discuss issues related to cracking down on the cybercriminals behind ransomware attacks. But one particular country will be notably absent: Russia.
“We did not invite the Russians to participate,” a senior administration official said on a briefing call Tuesday with reporters, citing “a host of reasons,” such as “various constraints.” The official did not go into detail.
Following a flurry of ransomware attacks that have crippled U.S. entities, senior administration officials have lambasted Russia for turning a blind eye to ransomware gangs that have operated within its borders for years. The cyberattacks, which leave victims’ computers locked up unless companies pay hefty ransoms to faceless criminals, have in recent months hit a critical pipeline on the East Coast—leaving Americans queuing up for fuel—as well as a meat supplier, a grain co-op, hospitals, and countless schools.
The snub to Russia is the latest indication that, although President Joe Biden met with President Vladimir Putin earlier this year to pressure Moscow to crack down on ransomware gangs, Russia hasn’t made significant progress.
At their June summit in Geneva, Biden warned Putin that the U.S. would take any action necessary to change the status quo of Russian criminals launching cyberattacks against American companies from Russian soil. And in July, Biden warned that a cyber-breach could lead to a “real shooting war” after warning that the U.S. could run retaliatory cyberattacks against the hackers.
And yet, ransomware attacks have continued steadily. According to data-leak sites—where some ransomware attackers post or threaten to post stolen data they use to extort their victims—there hasn’t been a notable decline in attacks in recent months.
Allan Liska, a ransomware expert and intelligence analyst at security firm Recorded Future, told The Daily Beast that attacks have had a “big uptick” in September.
“Ransomware attacks overall are flat to slightly up this year,” Liska said.
“Inviting Putin to the summit would send the wrong message: that Russia is an active partner in trying to stop ransomware. That is clearly not the case,” Liska added. “Even if the Russian government is not directly involved in ransomware attacks, they are also not taking steps to stop the activity.”
According to data from FireEye’s Mandiant, on the other hand, there has been a “lull” from ransomware attackers in recent days, the firm said on Twitter.
But Russian commitments to tamp down on criminals operating from Russia are not clear-cut in any case. Even after the Biden administration shared criminal information with Moscow, the White House noted Tuesday that it hasn’t seen much Russian work on getting ransomware gangs to cut it out yet.
“We’ve shared information regarding specific criminal actors within Russia, and Russia has taken initial steps,” the senior administration official said. “We will look to see follow-on in that area.”
Rounding up those criminal actors the U.S. has named would be a good pre-condition before Russia can join these counter-ransomware meetings, Dmitri Alperovitch, the co-founder of security firm CrowdStrike, told The Daily Beast. But it doesn’t look like that will happen anytime soon.
“It’d be nice to see arrests of those people, but at a minimum we should see less activity from ransomware groups especially those targeting critical infrastructure… and we’re just not seeing that at the moment,” Alperovitch, the chairman of the Silverado Policy Accelerator, told The Daily Beast.
The Biden Administration hopes to center conversations this week around “holding accountable states that allow criminals to operate from within their jurisdictions,” the senior official said.
Chris Painter, formerly the top cyber-diplomat in the U.S. government, suggested excluding Russia makes this week a good opportunity for the U.S. to get together with allies to draft new strategies on cornering Putin into targeting specific criminal actors.
“We haven’t seen any substantial progress by Moscow in going after the groups that are operating in its territory,” Painter told The Daily Beast. “It makes sense to get more like-minded countries together to discuss how to maybe put pressure on Russia.”
Painter added that the summit and the snub send a message to Moscow: “We’re not just going to wait forever, we’re going to… do what we can to go after this problem even if you don’t cooperate.”
Painter theorized that Russia likely wouldn’t cooperate or follow through on any law enforcement information shared in Moscow unless the Kremlin got something in return, noting that Putin definitely has the power to stamp out the cybercriminals in question.
“Russia has never been that cooperative on cybercrime,” he said.
The summit, which is slated to be the first of many, will center around four main goals, with several representatives from foreign countries leading the conversation. Australia will lead conversations about how to best disrupt ransomware gangs. The United Kingdom will lead conversations about better regulating virtual currencies. Germany will take point on how diplomatic conversations fit into the crackdown. And India will lead discussions on resilience against ransomware attacks.
Other participants this week include Brazil, Bulgaria, Canada, the Czech Republic, the Dominican Republic, Estonia, the European Union, France, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, South Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, and the United Arab Emirates.