This week the White House held a summit with various nations to address the threat of ransomware. Experts weigh in on the important security takeaways and why certain nations were excluded.
The White House held a virtual ransomware summit this week with over 30 countries in attendance—although a few notable nations were excluded, such as China, Russia and North Korea. Australia, Brazil, Canada, France, Germany, India, Japan, United Arab Emirates and the United Kingdom were among the attendees.
The focus of the summit was establishing a mutual response to ransomware tactics that hackers are capitalizing upon with assistance from disparate cryptocurrency standards. The standards of the Financial Action Task Force (FATF), designed to protect virtual assets and virtual asset service providers, are not being globally applied. As a result, hackers are able to profit by transferring cryptocurrency payments to countries with subpar capabilities and/or standards for monitoring suspicious transactions.
The summit called for stronger anti-money-laundering controls, rules to better understand financial customers to guard against illegal activity and international collaboration to target hacking groups.
SEE: Ransomware: What IT pros need to know (free PDF) (TechRepublic)
The joint statement of the summit from ministers and representatives says: “Governments recognize the need for urgent action, common priorities, and complementary efforts to reduce the risk of ransomware. Efforts will include improving network resilience to prevent incidents when possible and respond effectively when incidents do occur; addressing the abuse of financial mechanisms to launder ransom payments or conduct other activities that make ransomware profitable; and disrupting the ransomware ecosystem via law enforcement collaboration to investigate and prosecute ransomware actors, addressing safe havens for ransomware criminals, and continued diplomatic engagement.”
The group called for consistent implementation of the FATF standards, acknowledging the difficulties some countries may face in building frameworks and handling threat investigation and pledging cooperation to fill in the gaps as well as to strengthen network security, regulation and cyber hygiene amongst participating nations.
Diplomacy was also emphasized as a key element to protect participating nations to “promote rules-based behavior and encourage states to take reasonable steps to address ransomware operations emanating from within their territory. We will leverage diplomacy through coordination of action in response to states whenever they do not address the activities of cybercriminals. Such collaboration will be a critical component to meaningfully reduce safe havens for ransomware actors.”
“I believe China, Russia, and North Korea were excluded because the United States and our allies have identified these three nations as the top countries that are the sources of much cybercrime today,” said Bryan Hornung, CEO, Xact I.T. Solutions. “In addition, these countries have historically been harder to work with or flat out deny any request by law enforcement to take any action. There is also a deep geopolitical strategy at play with all of the countries involved. The countries excluded may see cyberspace as an essential resource for furthering their agenda and have no desire to stop cyberattacks at the state or cyber-criminal level.”
SEE: Cryptocurrency glossary: From Bitcoin and Dogecoin to hot wallets and whales (TechRepublic Premium)
Hornung felt that the three big takeaways from the event were:
“The sheer number of countries whose opening remarks centered around significant ransomware attacks that disrupted their country's critical infrastructure sectors. We hear a lot about the U.S. being a big target, but the reality is cybercriminals only have a handful of countries they won't target.
“Four other countries (U.K., Germany, India and Australia) want to step up and lead this effort along with the US. We need more countries to lead and work on solutions around these problems.
“The call on the private sector to step up its investment in cybersecurity. The government needs to stress this to business leaders, and our perception of companies that do not do enough needs to change. There are no consequences for not securing critical assets properly. Eventually, that will change, but the government and businesses need to beat that drum together. The government can't do it alone.”