Russia excluded from virtual White House meeting on ransomware

The White House on Wednesday will convene a virtual meeting on countering ransomware with senior officials representing 30 countries and the European Union, Biden administration officials said, as part of President Biden’s effort to work with global partners to address cyber threats.

Ministers and senior officials from a range of countries will take part in the virtual meeting, though the attendees do not include representatives from Russia, which has been a key focus of the Biden administration in trying to root out criminal ransomware groups.

“The initiative builds on President Biden’s leadership to rally allies and partners to counter the shared threat of ransomware,” a senior administration official told reporters on a call previewing the meeting. “Participants will cover everything, from efforts to improve international resilience, to experience addressing the misuse of virtual currency to launder ransom payments, our respective efforts to disrupt and prosecute ransomware criminals, and diplomacy as a tool to counter ransomware.”

The senior administration official said that the Russians were not invited to the meeting due to “various constraints,” but didn’t rule out Russia attending future multi-country engagements on ransomware.

Following the meeting between Biden and Russian President Vladimir Putin in June, the U.S. and Russia established a working group so that both countries could engage directly on ransomware.

This week’s virtual meeting on countering ransomware is being spearheaded by the White House National Security Council and will take place virtually over two days — Wednesday and Thursday — and feature four sessions on resilience, disruption, virtual currency and diplomacy, the senior administration official said. The U.S. is leading the meeting but the four sessions will be individually led by India, Australia, the United Kingdom and Germany.

Biden hinted at the meeting in a statement earlier this month that designated October as Cybersecurity Awareness Month.

The full list of attendees for the meeting, according to the senior administration official, includes representatives from Australia, Brazil, Bulgaria, Canada, the Czech Republic, the Dominican Republic, Estonia, the European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, South Korea, Romania, Singapore, South Africa, Sweden, Switzerland, the United Arab Emirates, the U.K. and Ukraine.

Representatives from China, another aggressor in cyberspace, are also not participating in the meeting. The White House said in July that it was aware of hackers linked to China’s Ministry of State Security conducting ransomware operations against private companies, as part of a broader, coordinated effort by the U.S. and allies to publicly blame the Chinese government for malicious behavior in cyberspace.

The meeting punctuates a difficult year in cybersecurity, which has seen ransomware attacks against critical institutions such as hospitals and schools multiply to the point that ransomware has become a national security threat.

Concerns were significantly heightened in May, when ransomware attacks by separate Russian-based cybercriminal groups on Colonial Pipeline, which provides 45 percent of the East Coast’s fuel, and on meat producer JBS USA endangered critical supply chains. An attack on IT group Kaseya prior to the Fourth of July holiday weekend compromised up to 1,500 other organizations.

“Ransomware incidents have disrupted critical services and businesses worldwide – schools, banks, government offices, emergency services, hospitals, energy companies, transportation, and food companies have all been affected,” reads a White House fact sheet released ahead of the two-day event. The fact sheet says that ransomware payments totaled over $400 million worldwide in 2020 and $81 million in the first quarter of this year.

The Biden administration has taken a series of actions in response to the threats from ransomware attacks, which included Biden urging Putin to crack down on cybercriminal groups within Russia’s borders during their meeting this year.

The senior administration official told reporters the U.S. has seen “some steps by the Russian government” to address ransomware since, without going into further detail, but that officials are looking for “follow up” actions.

The website for the ransomware group REvil went dark in July, but U.S. officials have not commented publicly on whether the development was the result of actions by the U.S. or the Russians. REvil was responsible for the attack on Kaseya.

The Justice Department in April also established a ransomware task force, and the Department of Homeland Security has made confronting ransomware attacks a key priority.

The administration also convened a meeting in August between the heads of groups in a range of sectors, such as the leaders of Alphabet, Amazon and Apple, to discuss how to enhance the nation’s cybersecurity. Many of the groups committed to various actions in pursuit of this goal. 

— Updated at 7 a.m.