The G7 summit of western countries has called upon Russia to "identify, disrupt, and hold to account those within its borders who conduct ransomware attacks, abuse virtual currency to launder ransoms, and other cybercrimes."
Coming after an 18-month period where ransomware gangs mostly operating out of Russia and Russian-allied countries have wrought havoc on the West, the statement is part of an increasing willingness to confront Russia's inaction over criminal gangs based on its turf.
A public G7 communique issued over the weekend as the politico-media gathering jetted off home from the summit's Cornwall location said "we reaffirm our call on Russia to stop its destabilising behaviour" and called on the rest of the world to join in a broader effort to "urgently identify and disrupt ransomware criminal networks operating from within their borders, and hold those networks accountable for their actions."
Recent ransomware attacks (such as REvil's pwning of meat supplier JBS) have originated from gangs that do not target Russia. A common understanding in the internet's criminal underworld is that provided you don't target Russia or its allies, Russian law enforcement won't take action against you.
- 'I put the interests of the country first': Colonial Pipeline CEO on why oil biz paid off ransomware crooks
The G7 announcement is intended to pile pressure onto Vladimir Putin to tackle the ransomware menace, though Russia's appetite for doing so is unclear. As private operators hampering Russia's traditional enemies, ransomware gangs provide a usefully deniable means of meddling with western economies and key industries alike.
Professor Alan Woodward of the University of Surrey told The Register the G7's approach could possibly bear fruit if Russia was given a large enough carrot alongside the rhetorical stick offered by the communique: "I saw a note that Putin was saying that he may be considering handing over some attackers (if they are found to be in Russia, which of course he isn't admitting) if he is given certain assurances."
The professor added: "I wouldn't be surprised to see something come from the Biden/Putin summit [later this week] enabling these criminals to be extradited. For that to happen, for it even to be considered by the Russians, they must be taking the noises from the G7 seriously."
US foreign secretary Antony Blinken told NBC News on Sunday that US president Joe Biden will confront Putin over cyber attacks, saying to the TV programme: "[Biden] is going to make clear that no responsible state can be in the business of harbouring criminal enterprises engaged in cyberattacks, including ransomware. That's very much going to be part of the conversation."
The G7 communique also bound the not-quite-alliance's nations together to "further a common understanding of how existing international law applies to cyberspace," a topic the UK has been increasingly vocal on.
Andy Garth, antivirus firm ESET's government affairs lead and a former British ambassador to Slovakia, commented: "Multilateral cooperation on cybersecurity is absolutely essential. Cybercrime has reached unprecedented levels over the past year, and it is important that the like-minded nations come together and collectively seek to better protect citizens and nations from this ever-evolving threat landscape."
The G7's member nations are the UK, the US, Canada, Japan, France, Germany, and Italy. While all those countries are wealthy and western in outlook, if not necessarily in geography, ransomware attacks affect them all equally. If the G7 and the US/Russia summit later this week (starting Wednesday, 16 June) stems the tidal wave of attacks or results in a specific extradition agreement to hand over ransomware criminals, it'll be a definitive moment in infosec history. ®