The White House is holding a two-day international conference starting Wednesday to combat ransomware computer attacks on business operations across the globe that cost companies, schools and health services an estimated $74 billion in damages last year.
U.S. officials are meeting on Zoom calls with their counterparts from at least 30 countries to discuss ways to combat the clandestine attacks. Russia, a key launchpad for many of the attacks, was left off the invitation list as Washington and Moscow officials engage directly on attacks coming from Russia.
This year has seen an epidemic of ransomware attacks in which hackers from distant lands remotely lock victims’ computers and demand large extortion payments to allow normal operations to resume.
Ransomware payments topped $400 million globally in 2020, the United States says, and totaled more than $81 million in the first quarter of 2021.
Two U.S. businesses, the Colonial Pipeline Company that delivers fuel to much of the eastern part of the country and the JBS global beef producer, were targeted in major ransomware attacks in May.
Colonial paid $4.4 million in ransom demands, although U.S. government officials were soon able to surreptitiously recover $2.3 million of the payment. JBS said it paid an $11 million demand.
Other U.S. companies were also attacked, including CNA Financial, one of the country’s biggest insurance carriers; Applus Technologies, which provides testing equipment to state vehicle inspection stations; ExaGrid, a backup storage vendor that helps businesses recover after ransomware attacks; and the school system in the city of Buffalo, New York.
Attackers have also targeted victims in other countries, including Ireland’s health care system, the Taiwan-based computer manufacturer Acer and the Asia division of the AXA France cyber insurer.
A senior White House official, briefing reporters ahead of the ransomware conference, said the U.S. views the meetings “as the first of many conversations” on ways to combat the attacks.
At a summit in Geneva in June, U.S. President Joe Biden and Russian President Vladimir Putin created a working group of experts to deal with ransomware attacks.
“We do look to the Russian government to address ransomware criminal activity coming from actors within Russia,” the White House official said. “I can report that we've had, in the experts group, frank and professional exchanges in which we've communicated those expectations. We've also shared information with Russia regarding criminal ransomware activity being conducted from its territory.”
“We've seen some steps by the Russian government and are looking to see follow-up actions,” the official said, without elaborating.
While U.S. officials say they know the identity of some of the attackers in Russia, Moscow does not extradite its citizens for criminal prosecutions.
One of the major topics at the conference, the Biden official said, will be how countries can cooperate to trace and disrupt criminal use of cryptocurrencies like Bitcoin.
The countries scheduled to join the U.S. at the ransomware conference are Australia, Brazil, Bulgaria, Canada, the Czech Republic, the Dominican Republic, Estonia, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, the Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, the United Arab Emirates and the United Kingdom. The European Union will also be represented.
The senior White House official said, “I think that list of countries highlights just how pernicious and transnational and global the ransomware threat has been.”
Aside from government action, the Biden administration has called on private businesses, which most often are blindsided by the ransomware attacks, to modernize their cyber defenses to meet the threat.