International community joins forces as ransomware attacks create major disruptions

Thirty countries have been meeting virtually with the Biden administration this week to coordinate efforts against the growing problem of ransomware cyber attacks, which have caused major disruptions around the world in recent months. Anne Neuberger, the deputy national security advisor for Cyber and Emerging Technology who organized the conference, joins Nick Schifrin to discuss.

Read the Full Transcript

  • Judy Woodruff:

    The Treasury Department said today that U.S. companies are paying $102 million in ransomware payments every month. The White House this week convened leaders from 30 countries to coordinate efforts against what has become a growing global problem.

    Nick Schifrin has that story.

  • Nick Schifrin:

    Just in the past six months, ransomware hackers debilitated one of the U.S.' largest meat producers and a crucial pipeline. They disrupted Ireland's national health system, and they are currently wreaking havoc in an Israeli hospital system, which had to cancel all non-emergency procedures.

    At this week's virtual conference, the countries pledged to improve cooperation in law enforcement, inhibit, trace and interdict ransomware payments, and harden infrastructure.

    Anne Neuberger is the deputy national security adviser for cyber and emerging technology. She organized the conference and joins me now.

    Anne Neuberger, welcome to the "NewsHour."

    So, talk about this conference. This was the largest multinational gathering to discuss ransomware. What specific commitments did you get from these 30 countries?

    Anne Neuberger, U.S. Deputy National Security Adviser for Cyber and Emerging Technology,: Really great question, Nick.

    Ransomware is a transnational threat. I will unpack that with the example that you used, the Israeli hospital. In that case, you could have the human attackers in one country, the exchanges that they used to facilitate the movement of illicit currency in a second, registered in one country, operating in a third country, and the infrastructure from which they conducted an attack in yet a fourth, fifth or sixth country.

    So, we brought countries together to really coordinate our fight against ransomware. And the key takeaway was, countries talked about what's working today in that cooperation, where the gaps are, and committing to working together to — across those gaps to fight ransomware more effectively.

  • Nick Schifrin:

    Many of the most pernicious cyber criminals operate from inside Russia. China is a leader on cyber espionage.

    Why was China and Russia not invited?

  • Anne Neuberger:

    So, from a Russian perspective, as you know, President Biden established a high-level White House-to-Kremlin direct discussion on ransomware when he last met President Putin at a summit in June.

    And we have had candid, professional and direct exchanges in that summit, in that exchange regarding ransomware and regarding criminals operating from within Russia. So we felt that was the most effective way to address that.

    And you noted from a Chinese perspective. As you know, we did similarly an attribution regarding China harboring ransomware actors a number of months ago.

    But with regard to who was included, we brought together countries who each have a stake in truly addressing those components, building resilience, tracing illicit use of virtual currencies, addressing and putting in place, implementing diplomatic norms, and disrupting those actors.

    And this is not the last meeting. It was a first meeting of a set of countries. And we look forward to including more countries in that fight moving forward.

  • Nick Schifrin:

    The U.S. has shared with Russia specific names of cyber criminals who operate inside of Russia that it wants to see prosecuted by Russian authorities.

    And we have seen a few of those cyber criminals go dark. Is that because the Russian government has cracked down on them?

  • Anne Neuberger:

    I won't speak to the causes at this moment.

    What we're focused on is the outcomes. And we're really looking to see a reduction in core disruptive ransomware attacks against critical infrastructure overall. And, certainly, the information that we have shared has been to provide information regarding that and looking to the Russian government to take key next steps.

  • Nick Schifrin:

    You said you're focused on outcomes.

    You have suggested in the past that you have seen some signs that ransomware groups have responded to administration pressure. But, with all due respect, how would you know if ransomware is improving if the FBI says it only has visibility into 25 percent of ransomware in the U.S.?

  • Anne Neuberger:

    It's a good question.

    Ransomware is a tough threat. And one of the challenges the U.S. government has is having adequate visibility, because so many ransomware attacks are not reported. And that's one of the reasons why encouraging notification to the U.S. government when ransomware attacks occurs, so we can better trace the attackers, trace the infrastructure that they use to drive disruption efforts is so important.

    What we're focused on fundamentally are the four approaches to disrupt ransomware and seeing and testing each one of those approaches, as I noted, and looking to see, what are the outcomes? Overall, do we see a reduction in ransomware?

    You noted the limited visibility the U.S. government has. And that's why we're working so closely with the private sector to see what they see as well and to incorporate that into our overall strategy.

  • Nick Schifrin:

    Those disruption methods that you have discussed and that were in the joint statement do not include offensive operations.

    Do you believe the U.S. should, as cyber expert Dmitri Alperovitch recently suggested, reveal criminals' details, take down payment servers, and hack the hackers, as the U.S. did against ISIS?

  • Anne Neuberger:

    We're trying a lot of creative approaches. Not all are we public about. Not all can we talk about.

    But we're fully committed to ensuring that it's a lot harder for attackers to use global infrastructure, global currency exchanges to pursue their pernicious work.

  • Nick Schifrin:

    You have tried, as you have mentioned tonight, to crack down on cryptocurrency.

    But some investors in cryptocurrency are pushing back, saying that they do not want to share the details of any of the holders of that cryptocurrency. How can you actually solve this problem without those investors' support?

  • Anne Neuberger:

    So, two questions.

    One is, we really believe in the innovation that cryptocurrency brings, for example, access for the unbanked. We also believe that we need to crack down on illicit use of cryptocurrency. In some ways, the public nature of the blockchain makes cryptocurrency and crypto — there is greater visibility into various transactions

    Holding exchanges accountable for know your customer rules, which they're accountable for under current regulatory practices, where they need to know who is opening an exchange account and report that, is the path that we will use. So it's currently required under U.S. law for a cryptocurrency exchange to really look into somebody opening an account, to know, is this a legitimate use for investment, for legitimate transactions, purchasing a painting, whatever the purchase is, or is it somebody who's using it to launder illicit funds, as ransomware attackers do?

  • Nick Schifrin:

    Anne Neuberger, deputy national security adviser, thank you very much.

  • Anne Neuberger:

    Thank you, Nick.

Listen to this Segment