As the United States comes out of yet another major attack by a Russian ransomware gang, this one leveled at Florida-based software provider Kaseya by the REvil threat group, the administration is ramping up its rhetoric about holding Russia responsible for the criminal actions taking place within its borders. During a recent press briefing White House press secretary Jen Psaki said that a “high level” of U.S. national security has been in touch with top Russian officials about the Kaseya attack. She also said that another ransomware-focused meeting between the two countries is scheduled for next week.
Psaki also passed on a warning to Russia. “As the president made clear to [Russian] President Putin [during their summit last month], if the Russian government cannot or will not take action against criminal actors residing in Russia, we will reserve the right to take action on our own.”
The next day, Biden called together his top advisors, including key players from the Department of Justice and the Department of Homeland Security, for a ransomware strategy session in the White House Situation Room. It’s not clear yet what the brainstorming produced, but the pressure is on the administration to end the ransomware scourge.
Crowdstrike co-founder and former CTO Dmitri Alperovitch and Russia expert and Director of the Wilson Center’s Kennan Institute Matthew Rojansky penned an op-ed urging Biden to give Russian President Vladimir Putin an ultimatum on ransomware. “If Putin chose to take the problem seriously, as Biden demands, Russian security officials could quickly identify and interdict the attackers and force them to unlock the data to stop the damage to businesses worldwide, including in the United States,” they wrote.
The proof will be in the pudding
Whether or not any bilateral meetings between the U.S. and Russia would yield near-term solutions remains unclear. “I think Biden said it best back at the Summit: the proof will be in the pudding,” Chris Painter, former head of the State Department’s cybersecurity office and currently President of the Global Forum on Cyber Expertise, tells CSO.
The Russians have seemingly asked for a restart of the kind of joint high-level meetings on cyber that took place during the Obama administration, which were suspended after Russia invaded Ukraine. “I don’t think it makes sense to reconvene such a large group,” Painter says. “I think it’s appropriate to have these more working-level talks now. Whether anything comes of it really depends on what actions Russia takes.”
“I don’t think that the prospects are very high for dealing with Russia unless and until the U.S. develops a strategy of some sorts for imposing adverse consequences on Russia that will drive it to take the strategic decision to control the ransomware from within its borders,” Paul Rosenzweig, Senior Fellow at the R Street Institute and former deputy assistant secretary for policy in the Department of Homeland Security, tells CSO.
Putin lacks motivation to change
President Putin has little motivation to change the status quo, according to Rosenzweig. “Ransomware in the United States is a three-for-one for Putin,” he says. “It disrupts America. That’s always a good thing. Two, it’s a training ground for his cyber militia, who are often part-time contractors when he needs them for state action stuff. And I’ve always had a personal suspicion, and this is speculation, that he and the oligarchs profit. They get a tithe for looking the other way.”
Painter said that during his time at the Justice Department and as Chair of the G8 High Tech Crime Group (when Russia was in the G8), Russia was not particularly cooperative when it came to cybercrime because the criminals were working at the behest of the state. “That does not seem to be the case here, or at least the White House is saying that does not seem to be the case here,” he says. “Or there was corruption, which I think persists. As long as they were attacking targets that were outside of Russia, Putin and the regime didn’t care about them and left them to their own devices.”
“If these ransomware groups are not acting on behalf of the Russian state, I think there’s an opportunity to uproot them and actually take action. Biden can certainly make these groups’ lives miserable if he wanted to, whether or not they get arrested.”
What options exist to push Putin to the table?
Aside from arresting the ransomware attackers, a near-impossibility given that Russia’s constitution forbids extraditing its citizens, the Biden administration does have some options to push Putin to the table. “The key is for America to find a way to change the incentive structure in its dealings with Russia,” Rosenzweig says. “We can go directly after the bad guys by destroying bitcoin wallets and stuff like that. But if we’re talking about Russia incentivization, the only answer that makes any sense is to find something that Russia has or wants or needs that we can hold at risk that compels them to stop.”
“You can imagine a number of tools we can use to either put pressure on Russia itself, like additional sanctions,” Painter says. But, “we haven’t really had a strategic application of sanctions or other tools that we have. They’ve been sort of happenstance.”
Painter says, “we can do things I think that will make a difference, but it needs to be well thought out to use tools such as law enforcement or even other tools to disrupt these criminal enterprises [such as the Justice Department’s takedown of the Darkside ransomware gang’s cryptocurrency wallet], which I think was an innovative thing. You can even imagine doing disruptive operations that Cyber Command or others might do.”
“One of the [actions] I’ve been talking about with some friends is we could just shut Russia off from the network. We could change the BGP [border gateway protocol designed to exchange routing and reachability information] and isolate Russia more,” Rosenzweig says. “It actually seems kind of commensurate and proportional and might have some effects.”
However, “there is no perfect strategy right now. Putin has, as far as I can see, zero incentive to change what he’s doing. And that’s not a condemnation of President Biden because I think the same was true under Trump and Obama.”
Copyright © 2021 IDG Communications, Inc.