Biden warns Russia will faces consequences if it doesn't crack down on ransomware attacks

Biden warns Russia will faces consequences if it doesn't crack down on ransomware attacks
By Ben Aris in Berlin July 12, 2021

Joe Biden warned Vladimir Putin that Russia would face consequences if it failed to crack down on ransomware cyber-gangs operating out of Russia that are targeting businesses worldwide during a phone call on July 9.

The two leaders spoke by phone, “about the ongoing ransomware attacks by criminals based in Russia that have impacted the United States and other countries around the world”, the White House said in the read out of their call, the first conversation since the two men met in Geneva on June 16. Cybercrime was high on that agenda.

Biden “underscored the need for Russia to take action to disrupt ransomware groups operating in Russia and emphasised that he is committed to continued engagement on the broader threat posed by ransomware,” the White House said, as cited by the Financial Times.

While some security experts have suggested that the hackers are state-sponsored and sharing both the date they glean from companies as well as the money they are paid with the state, Russia has been suffering from an explosion of cybercrime in recent years and has many well funded, well organised independent cyber criminal groups that that stolen as much as $6bn from domestic business and citizens in just the last year, according to expert estimates.

Cybercrimes in Russia surged practically eight-fold over the past five years, climbing to 510,000 from 65,000 offenses, Deputy Secretary of Russia’s Security Council Oleg Khramov said last week. 

"Rapid digitalization is creating new IT security threats. In particular, the number of cybercrimes has grown substantially in the past five years, climbing from 65,000 to 510,000 offenses," the security official said as cited by Tass. 

The cybercrime statistics for 2020 suggest that theft and fraud accounted for the bulk of these offenses, with 173,000 and 210,000 such crimes committed last year, correspondingly, the Russian Security Council added.

These cyber-gangs also target international business as they can operate from the relative safety of Russia, which does not have extradition treaties with either the US or the EU.

Biden acknowledged that many, if not all, the ransomware attacks were being conducted by independent criminal groups, but wants the Kremlin to crackdown on them anyway and will hold the Kremlin responsible if no action is taken.

“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it is not sponsored by the state, we expect them to act,” Biden told reporters at a White House press briefing after the call, adding: “It went well. I am optimistic.” When asked if Russia would face consequences for not dealing with ransomware hackers, Biden replied: “Yes.”

Biden already brought up the issue of cyber attacks during his Geneva conference with Putin, listing 16 areas where cyber attacks should be “off limits” for both sides. In addition to the ransomware attacks, which are for-profit ventures, both countries routinely eavesdrop on the other side and has sophisticated technological programmes to hack each others systems. Observers were encouraged by Biden’s approach which was a pragmatic list of actionable suggestions that provided the basis of mutual cooperation and negotiation in dealing with a difficult issue.

The same think appears to have been used in the recent phone conversation where details appear to have been discussed. A senior administration official later told reporters: “We are not going to telegraph what those actions will be precisely. Some of them will be manifest and visible, some of them may not be. But we expect those to take place in the days and weeks ahead.”

The Kremlin’s account of the conversation noted that Putin told Biden Moscow had not received a request for co-operation from the US government since the Geneva meeting, despite Russia’s “readiness to jointly suppress cyber crime”.

“Taking into account the scale and seriousness of the challenges in this area, the interaction between Russia and the United States should be permanent, professional and non-politicised,” the Kremlin said in a statement. A White House spokesperson denied the Kremlin’s charge and said a detailed request for actions had been submitted to the Kremlin through normal diplomatic channels.

The two presidents also discussed the war in Syria and US-Russia co-operation in that area, the Kremlin added.

Russian domestic cyber crime explodes

Russia has a large and growing problem with cybercrime that has been made worse in the last year by the coronacrisis, which has rapidly driven even more retail and banking online.

Russia’s e-commerce is booming and online business is growing five-times faster than the real economy. But criminal groups are flourishing in this environment. According to Prime Minister Mikhail Mishustin webcrimes were up by half in the first quarter of this year and by a third in the IT sector. Separately a report by the leading Russian online company Rambler found that two thirds of Russian internet users had experienced web fraud.

Ransomware attacks — in which hackers seize a company’s systems or data only to release it if a ransom is paid — have proliferated in the last year for the same reasons, but tend to be attacks on international companies, which attract less attention from the Russian authorities, are potentially more profitable and thanks to the lack of extradition treaties can be carried out with relative impunity.

In the US alone last year, ransomware struck more than a hundred federal, state and municipal agencies, upward of 500 hospitals and other health care centres, some 1,680 schools, colleges and universities and hundreds of businesses, according to t he cybersecurity firm Emsisoft, reports AP.

The White House has become alarmed by a series of high  profile attacks recently coming out of Russia that includes attacks on US’s Colonial Pipeline, which was forced to close temporarily, JBS, the world’s largest meat processor, and Sweden’s Coop supermarket group that shut down 800 cash registers. The REvil hacking cartel demanded Coop pay a ransom of $70mn to have its system unblocked.

Russian bankers have also been calling on the state to crackdown on domestic cyber criminals after the losses due to fraud have spiralled upward from circa $1.5bn in 2019 to $6bn in 2020.

Russia leads by telephone fraud and the situation has all the signs of a national calamity, Sber (formerly known as Sberbank) Deputy Chairperson Stanislav Kuznetsov said last week.

“According to our estimates, Russia leads by telephone fraud, by the crime called crime with the use of methods of social engineering,” Kuznetsov said at a news conference, as cited by Prime.

Cybercriminals make about 100,000 calls a day, and every 10th call to any subscriber in Russia is a call by a perpetrator, and nine out of 10 owners of mobile phones have come across with phone fraud and got such calls, he said.

“We see that phone fraud has almost doubled in a recent year and a half. We believe that the situation is so much difficult now that we think the situation has all the signs of a national calamity,” Kuznetsov said.

The criminals have been investing their takings into an increasingly sophisticated apparatus to perpetrate crime. Sber estimates that today there are some 150–170 criminal call centres work in Russia targeting normal Russians, and each of the call centres has 30 to 40 operators each.

Sber’s comments are backed up by a survey from Rambler&Co that found the majority of Russian Internet users (69%)  have experienced fraud on the Web. At the same time internet best practices are not followed by the majority of Russians as only a third of the country’s Internet users (30%)  try to keep their data safe by avoiding contacts with the people they do not know personally.

The issue of cybercrime is rising up the government’s agenda as it responds to an explosion of attacks in the last year. Crimes committed on the Internet increased by 51.6% on the year in January–March, while the number of crimes in the IT sphere on the whole rose by 33.7%, Prime Minister Mishustin said on the same day as the Biden-Putin call.

“In the last few years, the number of attacks on the delivery chains has increased. This disappointing trend continues,” Mishustin said in an online address to a conference.

Mishustin called for more resources to be thrown into understanding the problem. “We should use the best industry practices, including those of our foreign partners, and find effective solutions together,” he said. “The cybersecurity matters are coming to the fore. We should protect space apparatuses and onland stations against possible attacks and ensure security of data transfer from space to the Earth and back.”

    

 

News

Dismiss