US-Led International Group Takes Aim At Ransomware Gangs

The US has said it is planning to organise a meeting of officials from 30 countries later this month in order to step up action against increasingly disruptive ransomware attacks and other forms of cyber crime.

The White House National Security Council is to host the online event, which is aimed at improving law enforcement collaboration on issues such as the illicit use of cryptocurrency, US president Joe Biden said in a statement.

“I am committed to strengthening our cybersecurity by hardening our critical infrastructure against cyberattacks, disrupting ransomware networks, working to establish and promote clear rules of the road for all nations in cyberspace, and making clear we will hold accountable those that threaten our security,” he said.

Critical infrastructure risk

The informal group, called the Counter-Ransomware Initiative, is part of a broader series of actions including talks with Russia and with the NATO and G7 alliances.

It wasn’t immediately clear which companies would be involved.

The administration is keen to be seen taking action after a series of attacks this year that have threatened the stability of US energy and food supplies.

Meat producer JBS paid $11 million (£8m) to regain control of its systems after production was halted due to an attack by a crime group believed to have Russian links.

Colonial Pipeline paid a hacking group, also believed to be from Russia, nearly $5m to regain access, some of which was later recovered. Both companies paid the ransoms in Bitcoin.

Biden met with Russia’s Vladimir Putin over the summer with a list of 16 critical infrastructure sectors he wants to be off-limits to hackers.

Sanctions

But since that meeting US hospitals and food supply chain companies have been affected, including a cooperative of Iowa corn and soy farmers that had to shut down its systems after being  hit by the BlackMatter ransomware in September.

In September the administration imposed sanctions on Suex, a cryptocurrency transferring service registered in the Czech Republic.

Deputy treasury secretary Wally Adeyemo said the service had “facilitated transactions involving illicit proceeds for at least eight ransomware variants”.

The move followed reports that the US Treasury was looking for ways of cutting off hackers’ access to Bitcoin and other cryptocurrencies, which provide relative anonymity.