• Home
  • About RSIS
    • Introduction
    • Building the Foundations
    • Welcome Message
    • Board of Governors
    • Staff Profiles
      • Executive Deputy Chairman’s Office
      • Dean’s Office
      • Management
      • Distinguished Fellows
      • Faculty and Research
      • Associate Research Fellows, Senior Analysts and Research Analysts
      • Visiting Fellows
      • Adjunct Fellows
      • Administrative Staff
    • Honours and Awards for RSIS Staff and Students
    • RSIS Endowment Fund
    • Endowed Professorships
    • Career Opportunities
    • Getting to RSIS
  • Research
    • Research Centres
      • Centre for Multilateralism Studies (CMS)
      • Centre for Non-Traditional Security Studies (NTS Centre)
      • Centre of Excellence for National Security (CENS)
      • Institute of Defence and Strategic Studies (IDSS)
      • International Centre for Political Violence and Terrorism Research (ICPVTR)
    • Research Programmes
      • National Security Studies Programme (NSSP)
      • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
    • Future Issues and Technology Cluster
    • [email protected] Newsletter
    • Other Research
      • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
    • Graduate Programmes Office
    • Overview
    • MSc (Asian Studies)
    • MSc (International Political Economy)
    • MSc (International Relations)
    • MSc (Strategic Studies)
    • NTU-Warwick Double Masters Programme
    • PhD Programme
    • Exchange Partners and Programmes
    • How to Apply
    • Financial Assistance
    • Meet the Admissions Team: Information Sessions and other events
    • RSIS Alumni
  • Alumni & Networks
    • Alumni
    • Asia-Pacific Programme for Senior Military Officers (APPSMO)
    • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
    • International Strategy Forum-Asia (ISF-Asia)
    • SRP Executive Programme
    • Terrorism Analyst Training Course (TATC)
  • Publications
    • RSIS Publications
      • Annual Reviews
      • Books
      • Bulletins and Newsletters
      • Commentaries
      • Counter Terrorist Trends and Analyses
      • Commemorative / Event Reports
      • IDSS Paper
      • Interreligious Relations
      • Monographs
      • NTS Insight
      • Policy Reports
      • Working Papers
      • RSIS Publications for the Year
    • Glossary of Abbreviations
    • External Publications
      • Authored Books
      • Journal Articles
      • Edited Books
      • Chapters in Edited Books
      • Policy Reports
      • Working Papers
      • Op-Eds
      • External Publications for the Year
    • Policy-relevant Articles Given RSIS Award
  • Media
    • Great Powers
    • Sustainable Security
    • Other Resource Pages
    • Media Highlights
    • News Releases
    • Speeches
    • Vidcast Channel
    • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
Facebook
Twitter
YouTube
RSISVideoCast RSISVideoCast rsis.sg
Linkedin
instagram instagram rsis.sg
RSS
  • Home
  • About RSIS
      • Introduction
      • Building the Foundations
      • Welcome Message
      • Board of Governors
      • Staff Profiles
        • Executive Deputy Chairman’s Office
        • Dean’s Office
        • Management
        • Distinguished Fellows
        • Faculty and Research
        • Associate Research Fellows, Senior Analysts and Research Analysts
        • Visiting Fellows
        • Adjunct Fellows
        • Administrative Staff
      • Honours and Awards for RSIS Staff and Students
      • RSIS Endowment Fund
      • Endowed Professorships
      • Career Opportunities
      • Getting to RSIS
  • Research
      • Research Centres
        • Centre for Multilateralism Studies (CMS)
        • Centre for Non-Traditional Security Studies (NTS Centre)
        • Centre of Excellence for National Security (CENS)
        • Institute of Defence and Strategic Studies (IDSS)
        • International Centre for Political Violence and Terrorism Research (ICPVTR)
      • Research Programmes
        • National Security Studies Programme (NSSP)
        • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
      • Future Issues and Technology Cluster
      • [email protected] Newsletter
      • Other Research
        • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
      • Graduate Programmes Office
      • Overview
      • MSc (Asian Studies)
      • MSc (International Political Economy)
      • MSc (International Relations)
      • MSc (Strategic Studies)
      • NTU-Warwick Double Masters Programme
      • PhD Programme
      • Exchange Partners and Programmes
      • How to Apply
      • Financial Assistance
      • Meet the Admissions Team: Information Sessions and other events
      • RSIS Alumni
  • Alumni & Networks
      • Alumni
      • Asia-Pacific Programme for Senior Military Officers (APPSMO)
      • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
      • International Strategy Forum-Asia (ISF-Asia)
      • SRP Executive Programme
      • Terrorism Analyst Training Course (TATC)
  • Publications
      • RSIS Publications
        • Annual Reviews
        • Books
        • Bulletins and Newsletters
        • Commentaries
        • Counter Terrorist Trends and Analyses
        • Commemorative / Event Reports
        • IDSS Paper
        • Interreligious Relations
        • Monographs
        • NTS Insight
        • Policy Reports
        • Working Papers
        • RSIS Publications for the Year
      • Glossary of Abbreviations
      • External Publications
        • Authored Books
        • Journal Articles
        • Edited Books
        • Chapters in Edited Books
        • Policy Reports
        • Working Papers
        • Op-Eds
        • External Publications for the Year
      • Policy-relevant Articles Given RSIS Award
  • Media
      • Great Powers
      • Sustainable Security
      • Other Resource Pages
      • Media Highlights
      • News Releases
      • Speeches
      • Vidcast Channel
      • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
  • instagram instagram rsis.sg
Connect

Getting to RSIS

Map

Address

Nanyang Technological University
Block S4, Level B3,
50 Nanyang Avenue,
Singapore 639798

View location on Google maps Click here for directions to RSIS

Get in Touch

    Connect with Us

      rsis.ntu
      rsis_ntu
      rsisntu
    RSISVideoCast RSISVideoCast rsisvideocast
      school/rsis-ntu
    instagram instagram rsis.sg
      RSS
    Subscribe to RSIS Publications
    Subscribe to RSIS Events

    RSIS Intranet

    S. Rajaratnam School of International Studies Think Tank and Graduate School Ponder The Improbable Since 1966
    Nanyang Technological University Nanyang Technological University

    Skip to content

     
    • RSIS
    • Publication
    • RSIS Publications
    • US Global Ransomware Summit: More Needs to be Done
    • Annual Reviews
    • Books
    • Bulletins and Newsletters
    • Commentaries
    • Counter Terrorist Trends and Analyses
    • Commemorative / Event Reports
    • IDSS Paper
    • Interreligious Relations
    • Monographs
    • NTS Insight
    • Policy Reports
    • Working Papers
    • RSIS Publications for the Year

    CO21166 | US Global Ransomware Summit: More Needs to be Done
    Gil Baram

    15 November 2021

    download pdf
    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    SYNOPSIS

    The US Justice Department’s arrest of several affiliates of the Russian-speaking REvil ransomware group comes a month after Washington hosted a virtual international summit on ransomware attacks. The decision to leave Russia out of the summit will inevitably limit the effectiveness of the operation.


    Source: Pixabay

    COMMENTARY

    ON 8 NOVEMBER 2021, the US Justice Department announced the arrest of several members of the Russian-speaking REvil ransomware group, in a large-scale operation involving US allies in Europe and around the globe. The REvil group, who have since been charged, have been deploying ransomware attacks against American targets including the software provider Kaseya in July 2021. Furthermore, the State Department added REvil to a bounty programme that offers up to US$10 million for information on the REvil leaders.

    These efforts followed the two-day virtual international summit on ransomware hosted by the Biden administration on 13-14 October. This summit included 30 countries and was a decisive step towards building a coalition against ransomware attacks. It was acknowledged by all countries that ransomware posed a global and national security threat. Russia ─ as well as China, Iran, and North Korea ─ was not invited.

    From Petty Crime to Global Criminal Enterprises

    The summit prompted some governments to state their positions on state-sponsored ransomware. Australia, the Netherlands and United Kingdom began signalling a more aggressive, military, and intelligence agency-backed response to the ransomware threat.

    Lindy Cameron, head of the British National Cyber Security Centre (NCSC) said: “In addition to the direct cyber security threats that the Russian state poses, we […] assess that cyber criminals based in Russia and neighbouring countries are responsible for most of the devastating ransomware attacks against UK targets.”

    On average there is a new ransomware attack every 11 seconds, and the losses to organisations from ransomware attacks are projected to reach $20 billion over the course of 2021. According to the White House, ransomware payments rose to more than $400 million globally last year.

    COVID-19 increased these numbers, as many organisations started operating remotely, making themselves even more vulnerable. In fact, ransomware has existed for several decades and is therefore not new. The problem has been regarded for a long time as “e-crime”, which primarily affects the private sector, and was not viewed as a security issue.

    The ransomware threat has, however, evolved from a “petty crime to a major economic windfall for global criminal enterprises”. The rise of cryptocurrencies makes it difficult for funds to be traced as these can be transferred electronically without the assistance of other institutions regulated by governments. This has contributed to the rise of ransomware attacks.

    Global Cooperation on Cyber Issues: Limited Success

    The growing international attention on ransomware and its treatment as a national security threat have changed how countries respond to this new challenge. However, global cooperation on cyber issues has so far achieved limited success because of two reasons: Firstly, it has been done without the cooperation of Russia and China. Secondly, deterrence in cyberspace generally does not achieve its goal in the face of actors with different values and operating methods.

    Past international efforts to promote global initiatives on agreed behaviour in cyberspace ─ like the UN GGE (Group of Governmental Experts) ─ suffered from disagreements among the nation-states. The main ones are largely between the US and Russia as well as China regarding the meaning of sovereignty in cyberspace and its implications for improving global cyber stability.

    This year, the UN GGE had reached agreements while the UN Open-Ended Working Group (OEWG) achieved some non-binding understandings on ways to advance peace and security in cyberspace. The OEWG includes representatives from multiple countries and stakeholders.

    An international summit that did not include Russia and China (among others) is unlikely to lead to actionable results that reduce the severity and intensity of global ransomware attacks. In May 2021 President Biden warned Moscow about the need to “take decisive action” against them. The Justice Department, he said, would step up prosecutions of ransomware hackers and the government will “pursue a measure to disrupt their ability to operate”.

    Russia’s Lack of Action

    Despite this warning, there has been little or no change in the Russian stance that would indicate Moscow’s acceptance of the presence of ransomware attacks by Russia-affiliated criminal groups. And despite repeated requests from the Biden administration, there is no evidence that Russia has taken action to deal with ransomware criminals operating within its borders and it is practically serving as a safe haven for cyber criminals.

    The US has already sanctioned Russian individuals for committing cyberattacks but that did not seem to affect Russia’s support for them.

    Experts suggest that the US should act against cyber criminals the same way it acted against ISIS. Here the situation might pose some complications as these cyber criminals are operating within the borders of sovereign states.

    But there might be some room for optimism from the latest round of strategic dialogue between the US and Russia that took place at the end of September. According to Russian news reports, Moscow and Washington have resumed some cooperation in cyber areas that have been frozen for many years.

    Progress and Way Forward

    There has been substantial progress reached in three key areas:

    • At the end of September, The Kremlin and the White House resumed regular cybersecurity expert meetings.
    • Both countries restored cooperation within the framework of the 1999 Mutual Legal Assistance in Criminal Cases Treaty. As a result, the US provided key information to enable the prosecution of several international cybercrime groups such as Evil Corp, REvil, and TrickBot. Specifically, Russia informed the US that it already started prosecuting hackers using malware from one of those three groups, and Moscow expressed willingness to continue collaborating on this track.
    • The US and Russian cyber incident response centres also reestablished regular contacts and resumed information exchange on cyberattacks.

    Going forward, the US ransomware summit was an important first step; it seems that many countries today perceive ransomware as a security threat and one that calls for a joint global action ─ as the recent operation and arrests show.

    However, as long as Russia keeps providing safe haven for cyber criminals this activity will not be resolved. The US should reach out to Russia as well as other nations and lead international effort in a more inclusive way if it wants to reach a global and long-lasting solution.

    About the Author

    Gil Baram is a Fulbright Cybersecurity post-doctoral fellow, Center for International Security and Cooperation (CISAC) Stanford University, and an Adjunct Research Fellow at the Centre of Excellence for National Security, (CENS), S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore.

    Categories: Commentaries / Country and Region Studies / Cybersecurity, Biosecurity and Nuclear Safety / International Political Economy / International Politics and Security / Non-Traditional Security / Technology and Future Issues / Americas / East Asia and Asia Pacific / Europe / Global / South Asia / Southeast Asia and ASEAN

    Last updated on 15/11/2021

    comments powered by Disqus
    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    SYNOPSIS

    The US Justice Department’s arrest of several affiliates of the Russian-speaking REvil ransomware group comes a month after Washington hosted a virtual international summit on ransomware attacks. The decision to leave Russia out of the summit will inevitably limit the effectiveness of the operation.


    Source: Pixabay

    COMMENTARY

    ON 8 NOVEMBER 2021, the US Justice Department announced the arrest of several members of the Russian-speaking REvil ransomware group, in a large-scale operation involving US allies in Europe and around the globe. The REvil group, who have since been charged, have been deploying ransomware attacks against American targets including the software provider Kaseya in July 2021. Furthermore, the State Department added REvil to a bounty programme that offers up to US$10 million for information on the REvil leaders.

    These efforts followed the two-day virtual international summit on ransomware hosted by the Biden administration on 13-14 October. This summit included 30 countries and was a decisive step towards building a coalition against ransomware attacks. It was acknowledged by all countries that ransomware posed a global and national security threat. Russia ─ as well as China, Iran, and North Korea ─ was not invited.

    From Petty Crime to Global Criminal Enterprises

    The summit prompted some governments to state their positions on state-sponsored ransomware. Australia, the Netherlands and United Kingdom began signalling a more aggressive, military, and intelligence agency-backed response to the ransomware threat.

    Lindy Cameron, head of the British National Cyber Security Centre (NCSC) said: “In addition to the direct cyber security threats that the Russian state poses, we […] assess that cyber criminals based in Russia and neighbouring countries are responsible for most of the devastating ransomware attacks against UK targets.”

    On average there is a new ransomware attack every 11 seconds, and the losses to organisations from ransomware attacks are projected to reach $20 billion over the course of 2021. According to the White House, ransomware payments rose to more than $400 million globally last year.

    COVID-19 increased these numbers, as many organisations started operating remotely, making themselves even more vulnerable. In fact, ransomware has existed for several decades and is therefore not new. The problem has been regarded for a long time as “e-crime”, which primarily affects the private sector, and was not viewed as a security issue.

    The ransomware threat has, however, evolved from a “petty crime to a major economic windfall for global criminal enterprises”. The rise of cryptocurrencies makes it difficult for funds to be traced as these can be transferred electronically without the assistance of other institutions regulated by governments. This has contributed to the rise of ransomware attacks.

    Global Cooperation on Cyber Issues: Limited Success

    The growing international attention on ransomware and its treatment as a national security threat have changed how countries respond to this new challenge. However, global cooperation on cyber issues has so far achieved limited success because of two reasons: Firstly, it has been done without the cooperation of Russia and China. Secondly, deterrence in cyberspace generally does not achieve its goal in the face of actors with different values and operating methods.

    Past international efforts to promote global initiatives on agreed behaviour in cyberspace ─ like the UN GGE (Group of Governmental Experts) ─ suffered from disagreements among the nation-states. The main ones are largely between the US and Russia as well as China regarding the meaning of sovereignty in cyberspace and its implications for improving global cyber stability.

    This year, the UN GGE had reached agreements while the UN Open-Ended Working Group (OEWG) achieved some non-binding understandings on ways to advance peace and security in cyberspace. The OEWG includes representatives from multiple countries and stakeholders.

    An international summit that did not include Russia and China (among others) is unlikely to lead to actionable results that reduce the severity and intensity of global ransomware attacks. In May 2021 President Biden warned Moscow about the need to “take decisive action” against them. The Justice Department, he said, would step up prosecutions of ransomware hackers and the government will “pursue a measure to disrupt their ability to operate”.

    Russia’s Lack of Action

    Despite this warning, there has been little or no change in the Russian stance that would indicate Moscow’s acceptance of the presence of ransomware attacks by Russia-affiliated criminal groups. And despite repeated requests from the Biden administration, there is no evidence that Russia has taken action to deal with ransomware criminals operating within its borders and it is practically serving as a safe haven for cyber criminals.

    The US has already sanctioned Russian individuals for committing cyberattacks but that did not seem to affect Russia’s support for them.

    Experts suggest that the US should act against cyber criminals the same way it acted against ISIS. Here the situation might pose some complications as these cyber criminals are operating within the borders of sovereign states.

    But there might be some room for optimism from the latest round of strategic dialogue between the US and Russia that took place at the end of September. According to Russian news reports, Moscow and Washington have resumed some cooperation in cyber areas that have been frozen for many years.

    Progress and Way Forward

    There has been substantial progress reached in three key areas:

    • At the end of September, The Kremlin and the White House resumed regular cybersecurity expert meetings.
    • Both countries restored cooperation within the framework of the 1999 Mutual Legal Assistance in Criminal Cases Treaty. As a result, the US provided key information to enable the prosecution of several international cybercrime groups such as Evil Corp, REvil, and TrickBot. Specifically, Russia informed the US that it already started prosecuting hackers using malware from one of those three groups, and Moscow expressed willingness to continue collaborating on this track.
    • The US and Russian cyber incident response centres also reestablished regular contacts and resumed information exchange on cyberattacks.

    Going forward, the US ransomware summit was an important first step; it seems that many countries today perceive ransomware as a security threat and one that calls for a joint global action ─ as the recent operation and arrests show.

    However, as long as Russia keeps providing safe haven for cyber criminals this activity will not be resolved. The US should reach out to Russia as well as other nations and lead international effort in a more inclusive way if it wants to reach a global and long-lasting solution.

    About the Author

    Gil Baram is a Fulbright Cybersecurity post-doctoral fellow, Center for International Security and Cooperation (CISAC) Stanford University, and an Adjunct Research Fellow at the Centre of Excellence for National Security, (CENS), S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore.

    Categories: Commentaries / Country and Region Studies / Cybersecurity, Biosecurity and Nuclear Safety / International Political Economy / International Politics and Security / Non-Traditional Security / Technology and Future Issues

    Last updated on 15/11/2021

    Back to top

    Terms of Use | Privacy Statement
    Copyright © S. Rajaratnam School of International Studies. All rights reserved.
    This site uses cookies to offer you a better browsing experience. By continuing, you are agreeing to the use of cookies on your device as described in our privacy policy. Learn more
    OK
    Latest Book
    US Global Ransomware Summit: More Needs to be Done

    SYNOPSIS

    The US Justice Department’s arrest of several affiliates of the Russian-speaking REvil ransomware group comes a month after Washington hosted a vir ...
    more info