Notably absent from the virtual conference was Russia, the country primarily seen as harboring ransomware criminals. Also not invited were the three other countries often accused by the West of malign cyberactivity: China, Iran and North Korea.
“No one country, no one group can solve this problem,” White House national security adviser Jake Sullivan told the gathering Wednesday. “We view international cooperation as foundational to our collective ability to deal with the ransomware ecosystem, to hold criminals and the states that harbor them accountable, and to reduce the threat to our citizens in each of our countries.”
The meeting was intended to be the first of many, he said.
The gathering broadened the usual coalition of “like-minded” nations on the cyber issue beyond the Group of Seven leading industrial countries and Western Europe to include nations like India, Brazil, Ukraine, Nigeria and the United Arab Emirates.
The meeting did not result in any formal treaty or pledge, but rather yielded a statement laying out cooperation across a wide range of areas: countering illicit finance; disruption of ransomware networks through law enforcement; diplomacy to encourage states to hold criminals accountable; and strengthening cybersecurity.
The gathering brought together officials and experts from law enforcement, information security and financial regulation. They acknowledged that taking action to disrupt ransomware crime requires concerted efforts to stop illicit payments through difficult-to-trace cryptocurrency systems and money-laundering networks.
Ransomware payments rose to more than $400 million globally last year, according to the White House.
Though Russia was not named in the statement, the group addressed the issue of safe harbors. “We will leverage diplomacy through coordination of action in response to states whenever they do not address the activities of cyber criminals,” it said.
Cyber policy experts praised the effort, even if the resulting statement was light on details. “It’s a very strong statement of political will, first and foremost,” said Christopher Painter, a top State Department cyber official in the Obama administration. “It sends a signal that this is a priority and will continue to be a priority.”
Though Russia was not involved in the meeting, White House officials note that they have a separate channel to engage directly with Moscow on the issue. There have been several meetings to date through that channel in which experts had “frank and professional exchanges” to convey Washington’s expectation that Russia would crack down on ransomware criminals, a senior administration official said this week.
“We’ve also shared information with Russia regarding criminal ransomware activity being conducted from its territory,” the official said, speaking on the condition of anonymity under ground rules set by the White House. “We’ve seen some steps by the Russian government and are looking to see follow-up actions.”
Deborah Housen-Couriel, the chief legal officer for Konfidas, a cybersecurity company based in Tel Aviv, said it wasn’t surprising to see China and Russia excluded from the gathering. “But without their eventual participation in countering this global problem — even partially — the results will be necessarily limited,” she added.
Painter, for his part, said that including Russia in the larger group “limits the ability to have frank discussions, including how you might collectively get Russia to take action.”
At this stage, he said, the goal is to marshal the broadest group to pressure states that are recalcitrant. “The larger the set of countries, the more powerful and politically legitimate the message: Countries should not provide a safe haven for cybercriminals.”