The White House is convening a two-day virtual summit on combating the global epidemic of ransomware attacks on businesses and government institutions on Wednesday, according to senior administration officials.
More than 30 U.S. allies will participate in the meeting, including India, Australia, the United Kingdom and Germany, each of which have taken leadership roles in organizing the summit.
Participants will discuss efforts they’ve taken so far to make institutions within their borders more resilient to ransomware attacks and share strategies for tracking cryptocurrencies, like bitcoin
which are the preferred method of payment for cybercriminals executing ransomware attacks.
Senior administration officials said the gathering will build on existing efforts by President Joe Biden’s administration to combat ransomware attacks, including a successful effort by the Justice Department to track down and recoup $2.3 million in ransomware payments made by Colonial Pipeline Co. and the Treasury Department’s recent designation of the SUEX virtual currency exchange as a facilitator of illicit transactions.
The growing problem of ransomware attacks became national news earlier this year when Russia-based cybercriminals hacked the IT network of Colonial Pipeline, shutting down fuel deliveries across the eastern United States. The company said it paid roughly $4.4 million in bitcoin to a criminal group called Darkside in order to help get its systems back up.
In 2020, ransomware payments totaled more than $400 million globally, the Treasury Department estimates, four times their level in 2019. “These payments represent just a fraction of the economic harm cause by cyberattacks, but they underscore the objectives of those who seek to weaponize technology for personal gain: to disrupt our economy and damage the companies, families, and individuals who depend on it for their livelihoods, savings, and futures,” the department said last month.
Russia was not invited to the summit, senior administration officials said, even as many of the most high-profile ransomware attacks have been launched there. They stressed that the Biden administration remains in communication with Russian officials on the issue of cybercrime and that Russia has taken steps to curb its ransomware industry.
In June, Biden met with Russian President Vladimir Putin, where he pressed the Russian leader to crack down on cybercrime originating within its borders, naming 16 “critical infrastructure” sectors from the energy industry to water systems that should be “off-limits” to ransomware attacks.
Cybersecurity firm Mandiant Intelligence released a report last week detailing FIN12, “an aggressive, financially motivated,” Russian-speaking criminal group that is successfully targeting hospital systems largely based in North America, though their geographical focus appears to be shifting.
“Nearly 85 percent of the group’s known victims have been based in North America, however, we observed twice as many victim organizations based outside of North America in the first half of 2021 than we observed in 2019 and 2020 combined,” the report reads. “This shift could be due to various factors such as FIN12 working with more diverse partners to obtain initial access and increasingly elevated and unwanted attention from the U.S. government.”