After Spike in Ransomware Attacks, U.S. Looks to Go on the Offensive

The Biden administration convened a virtual summit of more than 30 countries to combat the growing threat of ransomware attacks after a recent spike in high-profile cyberattacks exposed vulnerabilities in critical U.S. infrastructure.

The summit, taking place Wednesday and Thursday, is the newest and most high-profile diplomatic push by the administration to ramp up efforts to target cybercriminals and defend against cyberattacks.

“We cannot do this alone,” U.S. National Security Advisor Jake Sullivan said in opening remarks at the summit on Wednesday. “No one country, no one group can solve this problem. Transnational criminals are most often the perpetrators of ransomware crimes, and they often leverage global infrastructure and money laundering networks across multiple countries, multiple jurisdictions to carry out their attacks.”

Ransomware attacks, where hackers lock victims out of their computer networks and demand extortion payments to release them, are one in a series of cyberattacks from nonstate actors and hacking groups affiliated with Washington’s geopolitical rivals in Russia and China that the U.S. government is scrambling to defend against. Among the countries attending the virtual summit are Australia, Brazil, Canada, France, Germany, Ukraine, Israel, the United Arab Emirates, Kenya, Nigeria, Japan, and South Korea. Neither Russia nor China were invited.

The “list of countries highlights just how pernicious and transnational and global the ransomware threat has been in the different countries from all different parts of the world who will be participating,” a senior administration official said.

The senior administration official didn’t give a specific reason why Russia wasn’t invited but said U.S. President Joe Biden has a separate channel open with Russian President Vladimir Putin to discuss cyberthreats.

Cybersecurity experts said the summit is a sorely needed and long-overdue step to address the surge in ransomware attacks. “The fact that they’re having the conversation now for starters is good, though I wish that they’d done this three years ago,” said Allan Liska, a senior intelligence analyst at cybersecurity firm Recorded Future.

Top Biden administration officials have been raising the alarm bell about increased ransomware attacks this year. “Ransomware is one of the greatest cybersecurity threats that we face,” U.S. Homeland Security Secretary Alejandro Mayorkas told lawmakers during a hearing earlier this year. He said the United States has seen a 300 percent increase in ransomware attacks over the past year, leading to more than $300 million in losses.

So far, however, the latest flurry in high-level diplomacy and other actions against cybercriminal groups haven’t fully stemmed the tide of ransomware attacks. On Wednesday, just as the White House began convening its summit, an Israeli hospital system was reportedly targeted by a new ransomware attack.

The Biden administration has sought to rally its allies to help fight cyberthreats and ransomware attacks, pushing NATO to adopt a new cyber defense policy and launching talks on cyberthreats among G-7 nations. It also launched a series of initiatives in recent months to target cybercriminals and boost protection against ransomware attacks following several high-profile ransomware attacks against a major oil pipeline company and a meat-processing company earlier this year. The attacks laid bare how vulnerable elements of U.S. critical infrastructure, including its food and energy sectors, were to cyber incursions.

Liska said the U.S. government needs to step up its support on cybersecurity for industries it considers critical infrastructure, particularly in the manufacturing and agricultural sectors as well as utility companies. “If the government is going to classify these sectors as critical infrastructure, the government needs to invest into their cybersecurity,” he said.

“They operate on such slim margins that investing heavily in cybersecurity just isn’t in their pipeline.”

In June, the U.S. Justice Department established a new task force specialized in combating ransomware attacks, and the following month, the State Department announced a program offering monetary rewards of up to $10 million for information identifying cybercriminals. Last month, the Treasury Department rolled out sanctions against a Russian-based cryptocurrency exchange for its alleged role in ransomware attacks—the first such action the U.S. government has taken on cryptocurrency. Cybersecurity experts said hacking groups operate in Russia and China with tacit approval from those governments, even though their direct links with Moscow and Beijing can be murky or difficult to track.

Justin Sherman, a nonresident fellow at the Atlantic Council’s Cyber Statecraft Initiative, said the U.S. government and its allies should do more on the cryptocurrency front. “Most ransomware payments are facilitated via cryptocurrency, and so targeting the financing mechanisms will perhaps disincentivize criminals from continuing to engage in” ransomware attacks, he said.

The U.S. government blamed Russian hackers for a massive cyberattack against tech company SolarWinds that went undetected for months and allowed the hackers to snoop on SolarWinds’s clients and business partners, including private companies, cybersecurity firms, and the upper echelons of the U.S. government. Cybersecurity experts and U.S. officials believe it to be the largest and most sophisticated cyberattack—and one of the largest breaches of U.S. government systems—ever. The Russian government has denied any wrongdoing and dismisses criticism that it harbors cybercriminals.