[BreachExchange] The White House is having a big meeting about fighting ransomware. It didn't invite Russia

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Thu Oct 14 10:08:07 EDT 2021


https://www.zdnet.com/article/the-white-house-is-having-a-big-meeting-about-fighting-ransomware-it-didnt-invite-russia/

The White House has held a meeting with ministers and officials from 30
nations and the European Union to discuss how to combat ransomware and
other cyber threats.

The two-day series of meetings aimed to find an answer to ransomware and
followed calls from US president Joe Biden for the Kremlin to hold
Russia-based ransomware gangs accountable for their file-encrypting
attacks, rather than turning a blind eye to them so long as they don't
attack Russian organizations.

Notably absent from the White House-led group was Russia itself, which was
not invited. In June, Biden told Russian President Vladimir Putin that 16
US critical infrastructure entities should be off-limits from ransomware
attackers operating from Russia.

The aim of the talks was to figure out an international approach to
disrupting and ultimately stopping ransomware attacks.

In the two days of virtual talks, India led discussions on Thursday about
resilience, while Australia focused on how to disrupt cyberattacks. The
UK's contribution focused on virtual currency, while Germany discussed
diplomacy. Other countries involved included Canada, France, Brazil,
Mexico, Japan, Ukraine, Ireland, Israel, and South Africa.

Although Russian officials didn't participate, a White House spokesperson
said the US is in ongoing discussions with Russia via the US-Kremlin
Experts Group, which is led by the White House, and was established by
Biden and Putin.

One of the most disruptive ransomware attacks on US infrastructure was
against Colonial Pipeline, which halted fuel distribution on the US east
coast for a week in May. The company reportedly paid the equivalent of $4.4
million in bitcoin for a decryption tool from the attackers.

The FBI blamed the Colonial attack on DarkSide, which went offline shortly
afterwards but resurfaced in June, according to FireEye's incident response
unit, Mandiant.

DarkSide is one of several ransomware gangs operating as a service
provider, allowing other criminal gangs to use its software to extort
targets. Others, including REvil, steal data and threaten to leak it online
if the ransom isn't paid.

The other major threat Biden has raised concerns nation-state cyber
attackers, such as this year's attacks on Microsoft Exchange email servers,
which UK and US officials blamed on Chinese state-sponsored hackers, dubbed
Hafnium by Microsoft.

Microsoft this week reported that Kremlin-backed hackers were by far the
most prolific attackers.

The message from the White House is that nations need to cooperate to
bolster "collective cyber defenses" against criminal and state-sponsored
cyberattacks.

"We've worked with allies and partners to hold nation states accountable
for malicious cyberactivity as evidenced by, really, the broadest
international support we had ever in our attributions for Russia and
China's malicious cyber activities in the last few months," a White House
official said at a media briefing.