The United States, European Union and three dozen countries vowed a crackdown on ransomware after meeting for two days at the White House.
The meeting marked the one-year anniversary of the Biden administration-led International Counter Ransomware Initiative, an effort that U.S. officials insist has made progress over the past 12 months even as ransomware continues to wreak havoc, whether by affecting patient care at one of America’s largest hospital networks or through extortion demands made against Australia’s largest private health insurer. The Department of Treasury tallied on Tuesday actual or attempted ransomware payouts by U.S. financial institutions during 2021 as totaling nearly $1.2 billion.
“We’ve seen takedowns,” a senior administration official said in a press call Sunday night, pointing to the arrest and recent sentencing of a Canadian affiliate of a ransomware-as-a-service gang. Still, “we’re seeing the pace and the sophistication of the ransomware attacks increasing faster than our resilience and disruption efforts,” the official acknowledged.
In a Tuesday joint declaration, members of the initiative said they will ensure ransomware hackers are not provided with a safe haven. They pledged to target hackers’ ability to profit from extortion by enforcing “know your customer” requirements for cryptocurrency trading platforms.
A voluntary International Counter Ransomware Task Force led by Australia will swap early warning signs of ransomware attacks “as well as consolidate policy and best practice frameworks,” the declaration states.
A Regional Cyber Defense Centre in Lithuania will test out the task force concept by implementing a scaled-down version of operationalized ransomware threat information sharing.
The 36 countries that make up the initiative include Ukraine – a country with its share of home-grown, financially motivated hackers – but do not include Russia, the epicenter of ransomware operations.
During the inaugural 2021 meeting of the initiative, a senior administration official said Russia wasn’t invited but left the door open for a possible future invite. The same official on Sunday dismissed the possibility, saying the initiative is “less about Russia and more about how we, as a set of countries, make it harder, costlier, and riskier for ransomware actors to operate.”
The ransomware confab also included participation from 13 private sector companies and organizations, including security mainstays Microsoft, CrowdStrike, Mandiant and Palo Alto Networks, and nonprofits Cyber Threat Alliance, the Cybersecurity Coalition and the Institute for Security & Technology. Also attending were Flexxon, SAP, Siemens, Internet 2.0, Tata Consultancy Services and Telefónica.