G7 Demands Russia to Hedge Against Domestic Ransomware Gangs
On Sunday, G7 Leaders Urged Russia Take Action Against Threat Actors Conducting Cyberattacks and Using Ransomware from Within Its Borders.
The reprehension came after a three-day summit of G7 leaders in Britain that also called on Moscow to “stop its destabilising behaviour and malign activities” and conduct an investigation into the use of chemical weapons on Russian soil.
According to a communique issued after the conclusion of the leaders’ summit, the Group of Seven stated that
We reaffirm our call on Russia to stop its destabilising behaviour and malign activities, including its interference in other countries’ democratic systems, and to fulfil its international human rights obligations and commitments. In particular, we call on Russia to urgently investigate and credibly explain the use of a chemical weapon on its soil, to end its systematic crackdown on independent civil society and media, and to identify, disrupt, and hold to account those within its borders who conduct ransomware attacks, abuse virtual currency to launder ransoms, and other cybercrimes.
Additionally, the group reaffirmed its commitment to further understanding of how international law applies to cyberspace, and to work together to address the “escalating shared threat” from ransomware gangs.
We call on all states to urgently identify and disrupt ransomware criminal networks operating from within their borders, and hold those networks accountable for their actions.
The leaders also committed to ongoing collaboration towards a “trusted, values-driven digital ecosystem” as well as an “open, interoperable, reliable and secure internet” that is unfragmented and supports freedom, innovation and trust to empower users.
The summit further addressed issues around Internet safety and countering far-right hate speech, whilst protecting fundamental human rights and freedoms such as freedom of speech and expression.
For its part, Russia points out that cybercriminals operate worldwide, and denies that it is harbouring cybercriminals.
However, Lindy Cameron, head of the UK’s National Cyber Security Centre, declared that “these criminals don’t exist in a vacuum. They are often enabled and facilitated by states acting with impunity.”
Cameron is likely to be right that most ransomware attacks are the work of criminal gangs rather than state-sponsored. Nevertheless, it is important to make sure that no countries are turning a blind eye to ransomware gangs who may be intentionally avoiding hitting targets close to home, in order to allow them free reign to make millions of dollars attacking organizations overseas.
This call to action comes in the wake of the Colonial Pipeline hack and mounting damage caused by threat actors. Last week, the U.S. Department of Justice announced that it is elevating investigations of ransomware attacks to a similar priority as terrorism.
In a fact sheet published over the weekend, the White House declared the United States’ commitment to fighting ransomware operations together with the other G7 member states.
In just the last few weeks there have been several significant cyber intrusions affecting many G7 and other nations’ critical infrastructure, manufacturing and electronics firms, and hospitals. These transnational criminal enterprises leverage infrastructure, virtual currency, and money laundering networks, and target victims all over the globe, often operating from geographic locations that offer a permissive environment for carrying out such malicious cyber activities.