White House officials are lowering expectations for President Biden’s summit with Russian President Vladimir Putin on June 16, saying they don’t foresee major “deliverables” emerging from the meeting right away. But one development will stand out anyway: Biden is set to deliver the sternest warning yet to Putin about ransomware attacks on American companies that emanate from Russia.
The number of ransomware attacks has exploded in recent months, with a 150% increase in the number of attacks in 2020 and an even higher pace of attacks this year. Hackers who disable an organization’s computer system, then demand a ransom to unlock it, reaped an average bounty of $170,000 in 2020. Some ransoms are in the millions, with Colonial Pipeline paying $4.4 million in May (some of it recovered by the FBI) and meatpacker JBS paying $11 million a few weeks later.
At least half of all ransomware attacks emanate from Russia, and while those aren’t necessarily intelligence or government operations, the Russian government seems to offer safe haven to hackers as long as they don’t target Russian organizations. The Colonial Pipeline attack, perpetrated by the Russian collective known as DarkSide, crossed a line because it disabled pipelines carrying fuel to the East Coast, which is considered critical infrastructure. Five days after the Colonial Pipeline hack, Biden signed an executive order meant to strengthen the nation’s cybersecurity defenses and treat ransomware attacks as a national security threat, rather that just a crime.
Putin has dismissed calls to do something about hackers operating from Russia, saying they’re not breaking Russian law. But he could crack down on them if he wanted to, and Biden is likely to press that point. “Ransomware will be a significant topic of conversation,” a senior administration official told reporters ahead of the summit. “They will discuss the broader issue of cyber norms, cyber rules of the road.”
The question is what kind of leverage Biden has over Putin. The Russian president certainly won’t acquiesce in a way that makes him look weak. But Biden may point out that classifying ransomware attacks as a national security threat sharply raises the stakes, by bringing the resources of the Pentagon, the National Security Agency and the whole U.S. defense establishment to the fight.
“It’s pretty remarkable that ransomware finds its way to the top of the list,” says Philip Reiner, CEO of the Institute for Security and Technology. “This is not just an economic nuisance anymore. It’s really a national security threat. If law enforcement is unable to put somebody in handcuffs, that is not the only option available.”
American operatives could get more aggressive about hacking the hackers by disrupting their own networks. The FBI’s newfound ability to claw back ransomware payments seems to be an escalation in that regard. Earlier this year, a ransomware task force convened by the Institute for Security and Technology issued a report recommending more government regulation of cryptocurrency exchanges, to make it harder for hackers to demand untraceable payments.
The U.S. government could also lean on Putin by pressuring the oligarchs he relies on, either through financial sanctions or some kind of cyberwarfare that crimps their ability to make or move money. It’s not clear how Putin and his circle of power brokers might be connected to ransomware attackers, but they're probably familiar with each other. “There could be economic ties, for sure,” says Reiner. "It’s part of the ecosystem of criminal networks. They’re all connected.”
Russia is hardly the only source of aggressive hacking, and American firms have a lot of work to do to catch up to the burgeoning threat. The United States needs standards for preparing for attacks and firm guidelines for how to respond. As it is, organizations aren’t even required to report ransomware attacks to the government, part of the patchwork approach Biden is trying to improve. At least the problem is finally getting international attention.
Rick Newman is the author of four books, including "Rebounders: How Winners Pivot from Setback to Success.” Follow him on Twitter: @rickjnewman. You can also send confidential tips, and click here to get Rick’s stories by email.