The Russian government has a "responsibility to act” against ransomware hackers inside its borders, including bringing to justice a Russian hacker accused of launching high-profile cyberattacks against major companies, a senior US official said.
"If the Russian government will not take action, we’re not going to sit around and be waiting,” Robert Silvers, the under secretary for strategy, policy and plans at the Department of Homeland Security, said in an interview with Bloomberg News. "We’re going to take action.”
His comments came after Tuesday’s virtual summit between US President Joe Biden and Russian President Vladimir Putin. The leaders’ discussions focused on border tensions between Ukraine and Russia, although the White House said there had also been a "dialogue” on ransomware.
The Russian hacker at large, Yevgeniy Polyanin, was indicted this summer by a Texas federal grand jury for his alleged role in ransomware attacks that crippled Brazilian meat supplier JBS SA and Miami-based technology firm Kaseya. The indictment marked a string of actions by the US and allied countries against one of the most prolific Russia-linked ransomware groups, commonly known as REvil or Sodinokibi.
Among those efforts has been military action taken against ransomware groups, according to a spokesperson for US Cyber Command.
Biden has vowed to make curbing ransomware a priority for his administration. At an earlier summit in June, the president warned Putin that Russian hackers should steer clear of 16 critical sectors of the US economy. Last month, his administration enlisted more than 30 countries in an effort to curb ransomware.
In ransomware attacks, hackers encrypt a victim’s files and then demand payment to unlock them. Reported ransomware payments in the US reached US$590mil (RM2.4bil) in the first half of 2021, according to government figures.
"We’re sanctioning cryptocurrency exchanges that they use. We are seizing cryptocurrency wallets that have the proceeds from ransomware. We are indicting,” Silvers said. "We are making life very hard for these ransomware actors using very creative techniques and tools.”
Silvers also underscored recent meetings between senior US cybersecurity officials and major technology firms like Microsoft Corp, Palo Alto Networks Inc, AT&T Inc, Cisco Systems Inc and Mandiant Inc. He said closer collaboration with the firms’ technical workers -- not just through company lawyers or government relations staff - helps U.S. officials share sensitive information about potential attacks more efficiently.
"We went out to California because that’s where so many of the leading technology providers are,” Silvers said. "And they are the battleground for many of the most sophisticated and alarming threats that we see in cyberspace.”
He called the relationship a "two-way street,” with officials committed to declassifying information that could be helpful for companies in deterring cyberattacks. Meanwhile, Silvers said, insights observed by cloud-computing services like Microsoft could also be useful to American officials - especially as adversaries are turning to those same providers to carry out attacks.
"US infrastructure is now, in many ways, the battleground that the overseas threat actors are trying to leverage,” he said.
The government’s recent efforts follow years of strained trust between Washington and Silicon Valley, particularly after the 2013 disclosures by former National Security Agency contractor Edward Snowden. That trove of classified documents showed how the US and British governments were monitoring the communications of citizens not suspected of crimes. They also revealed how the NSA tried to tap into major computer networks, including Google’s. – Bloomberg