The Biden administration concluded a two-day meeting Thursday on ransomware with more than 30 countries recognizing it for the first time as a global security threat and agreeing to work together to combat it.
The White House-convened sessions were the largest multinational gathering to date to tackle ransomware, a form of cybercrime in which hackers have paralyzed the computer systems of schools, hospitals, energy pipelines, food companies and governments around the world. The hackers then demand payment to unlock the systems.
With the cyberattacks earlier this year on Colonial Pipeline and JBS, the world's largest meat supplier, the U.S. government has elevated what was once seen as a criminal nuisance to a matter of national -- and international -- security.
Absent from the virtual conference was Russia, the country primarily seen as harboring ransomware criminals. Also not invited were the three other countries often accused by the West of malign cyber activity: China, Iran and North Korea.
"No one country, no one group can solve this problem," White House national security adviser Jake Sullivan told the gathering Wednesday. "We view international cooperation as foundational to our collective ability to deal with the ransomware ecosystem, to hold criminals and the states that harbor them accountable, and to reduce the threat to our citizens in each of our countries."
The meeting is intended to be the first of many, he said.
The gathering broadens the usual coalition of "like-minded" nations on the cyber issue beyond the Group of Seven and Western Europe to include countries like India, Brazil, Ukraine, Nigeria and the United Arab Emirates.
The meeting did not result in any formal treaty or pledge, but rather yielded a statement laying out cooperation across a wide range of areas: countering illicit finance; disruption of networks through law enforcement; diplomacy to encourage states to hold criminals accountable; and strengthening cybersecurity.
The gathering brought together officials and experts from law enforcement, information security and financial regulation. They acknowledged that taking action to disrupt ransomware criminals requires concerted efforts to stop illicit payments through difficult-to-trace cryptocurrency payment systems and money-laundering networks.
Ransomware payments reached over $400 million globally last year, according to the White House.
Though Russia was not named in the statement, the group addressed the issue of safe harbors. "We will leverage diplomacy through coordination of action in response to states whenever they do not address the activities of cyber criminals," they said.
Cyber policy experts praised the effort, even if the resulting statement was light on details. "It's a very strong statement of political will, first and foremost," said Christopher Painter, a top State Department cyber official in the Obama administration. "It sends a signal that this is a priority and will continue to be a priority."
Though Russia was not involved in the meeting, White House officials note that they have a separate channel to engage directly with Moscow on the issue. There have been several meetings to date through that channel, in which experts had "frank and professional exchanges" to convey Washington's expectation that Russia would crack down on ransomware criminals, a senior administration official said this week.
"We've also shared information with Russia regarding criminal ransomware activity being conducted from its territory," the official said, speaking on condition of anonymity under ground rules set by the White House. "We've seen some steps by the Russian government and are looking to see follow-up actions."
Deborah Housen-Couriel, chief legal officer for Konfidas, a cybersecurity company based in Tel Aviv, Israel, said it wasn't surprising to see China and Russia excluded from the gathering. "But without their eventual participation in countering this global problem -- even partially -- the results will be necessarily limited."
Painter said that including Russia in the larger group "limits the ability to have frank discussions, including how you might collectively get Russia to take action."
At this stage, he said, you're trying to marshal the broadest group to pressure states that are recalcitrant. "The larger the set of countries, the more powerful and politically legitimate the message: Countries should not provide a safe haven for cybercriminals."