Ransomware Attacks: Will G7 and Biden-Putin Summits Prove Fruitful?

I’ve been very busy lately. Between the back-to-back ransomware attacks and the release of our ransomware report highlighting the impact on business from ransomware attacks, I have been asked to share my thoughts and insights on a variety of broadcast and print media outlets. 

Last week, ransomware and cybersecurity were also in the news for another reason—the G7 meeting and the Biden-Putin Summit both focused on these issues as a primary concern. 

Cybercrime and Safe Havens

I spent my early days in cybersecurity focused on nation-state adversaries and how countries might defend themselves against other countries. The G7 committed to hold nations accountable for harboring cybercriminals, and specifically called out Russia, which is believed to be a base of operations for many ransomware groups, but what does that really mean? I think it is a good start. It was good to see cybersecurity and the ransomware crisis play a central role, and it’s important to send a message that state-ignored attacks will not be tolerated.

President Biden also addressed the escalation in ransomware and cybercrime attacks with Putin when they met face-to-face. Biden and Putin reportedly discussed rules of engagement, so to speak—identifying specific industries or entities deemed as critical infrastructure and establishing that those should be off limits for cyber attacks. 

I think there are a number of questions that remain. For one thing, Putin publicly denied that Russia is involved in harboring cybercrime or ransomware gangs at all—and even accused the United States of being the real culprit. That conflicts with our research that shows many of these attacks originating from Russia, and doesn’t seem promising, but maybe Putin was just posturing for public image. We don’t know how seriously Putin is really taking the commitment from the G7 or the demands from Biden.

Outcomes Uncertain

Only time will tell how successful these meetings have been, or what happens if they have not been successful. What sanctions or actions are the G7 prepared to take against nations that do not cooperate with efforts to deal with cybercrime and ransomware groups (still looking at you, Russia)? 

What are the Biden administration and the United States willing to do in retaliation for attacks against the 16 areas designated as critical infrastructure? Will that now be elevated to a more direct act of war status—something that warrants a physical response?

It also seems like there is some sort of tacit agreement that cybercrime and ransomware will continue—just not against specific targets. Establishing rules of engagement is very different from agreeing to a truce or vowing to work together to end the threat globally. It simply means that ransomware groups and cybercriminals will double down on targets that are within the rules of engagement. 

I think it is good for everyone if we can agree not to shut down fuel or electricity, or taint water supplies, or impact air or rail travel—things that average citizens depend on and that could result in catastrophic and potentially deadly consequences. That seems like a step in the right direction. 

However, it doesn’t remove the threat entirely and could actually exacerbate the problem for other companies—so we will need to continue to work together to find ways to address the ransomware crisis.

Lior Div
About the Author

Lior Div, CEO and co-founder of Cybereason, began his career and later served as a Commander in the famed Unit 8200. His team conducted nation-state offensive operations with a 100% success rate for penetration of targets. He is a renowned expert in hacking operations, forensics, reverse engineering, malware analysis, cryptography and evasion. Lior has a very unique perspective on the most advanced attack techniques and how to leverage that knowledge to gain an advantage over the adversary. This perspective was key to developing an operation-centric approach to defending against the most advanced attacks and represents the direction security operations must take to ensure a future-ready defense posture.