Thirty countries open two-day counter-ransomware meeting

Canada is one of 30 countries participating in a two-day virtual counter-ransomware initiative by the United States to improve international cooperation in the fight against malware.

Russia was not one of the invited countries.

Today's inaugural session, one of six, is open to the press. The other five closed-door sessions were National Resilience (hosted by India), Illegal Finance (UK).

The goals include accelerating cooperation to improve network resilience, addressing financial systems that make ransomware profitable, disrupting the ransomware ecosystem through law enforcement cooperation, and through diplomacy, the White House said in a briefing to reporters yesterday. included through. Including taking advantage of resources. Improves and improves collaborative ability.

Participating countries include Australia, Brazil, Bulgaria, Canada, Czech Republic, Dominican Republic, Estonia, European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, Netherlands, New Zealand, Nigeria Huh. , Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, United Arab Emirates and UK

Asked about Russia's non-invitation to the incident, an unnamed senior White House official told reporters in the background that there is a US-Kremlin expert group that is directly discussing ransomware and cyber attacks.

In this first round of discussions, the official said, we did not invite the Russians to participate "for various reasons, including various obstacles."

"We look to the Russian government to address the ransomware criminal activity coming from actors within Russia," the official said. “I can report that we have had expert groups, clear and professional exchanges in which we have communicated those expectations. We have also shared information with Russia about criminal ransomware activity being conducted from its territory. We have seen some steps taken by the government and we want to see further action."

In an email, Chris Painter, former White House senior director for cyber policy and currently president of the Global Forum on Cyber Experts, said he believes the meeting is an achievement that sends a message that fighting ransomware will be an international effort. “I hope this is the first step in the ongoing (and necessary) process. It is unclear what deliverables will emerge, but I do expect some political commitment and perhaps some practical initiative in the post-ransomware actors and ensure that Cryptocurrency providers are your customers and comply with anti-money laundering regulations.

The meeting came as Australia proposed cracking down on ransomware, including creating new crimes for cyber extortion and targeting critical infrastructure. The government also says it will make it a criminal offense to deal with stolen data and to buy or sell malware for computer crimes.

Even today, VirusTotal, owned by Google's Chronicle Security unit, said by its count there were at least 130 different ransomware families active in the first half of 2020 and 2021. These were grouped by 30,000 groups of malware that looked and operated alike. With 6,000 groups, the rhinoceros was the most active family – followed by the Babuk, Cerber, Matsu, Kangur, Lockie, Teslacrypt, Rakor and Raven.

"While these large campaigns come and go," the VirusTotal blog said, "there is a constant baseline of ransomware activity across nearly 100 ransomware families that never stops."

The global meeting was held this year following US frustration over a ransomware attack on a Colonial pipeline that caused panic at East Coast gas stations. US ransomware payments are projected to reach over US$400 million globally in 2020, and over US$81 million in the first quarter of this year.

The Biden administration has announced specific efforts to encourage resilience in the critical infrastructure sector (which includes utilities and transportation), including voluntary cyber performance targets, classified threat briefings for critical infrastructure executives, and industrial control systems. Are included. Initiatives to improve cyber security.

Earlier this year, the Ransomware Task Force, a group of experts from 60 technology companies, universities and some international government agencies, released a comprehensive report on fighting ransomware that included calls for an international effort to fight the malware.