The new Counter-Ransomware Initiative, announced by President Joe Biden in the beginning of October, brings together thirty countries to strengthen cooperation against ransomware and tackle misuse of cryptocurrencies. Last week, the United States hosted a virtual international meeting of the initiative that included European Union partners, members of the Quad, South Africa, Nigeria, Kenya, Republic of Korea, Singapore, United Arab Emirates, Ukraine, and others.
One country that was not invited was Russia. But should it have been?
From the United States’ perspective, the suggestion that Russia participate in the anti-ransomware group may seem counterintuitive. Senior U.S. officials called Russia a “safe haven” for cybercriminals, and Biden said his administration believed the hackers behind the notorious Colonial Pipeline ransomware attack were living in Russia.
The Biden administration hoped to use the June 2021 Geneva summit between Biden and Vladimir Putin to address some of its concerns, such as the surge of ransomware attacks, through renewed engagement with Russia. Biden proposed that critical infrastructure should not be attacked and gave the Russian delegation a list of sixteen sectors defined as “critical.” He also urged Russia to take action against ransomware activities coming from its territory. Putin, in turn, reprehended the United States for not responding to Russian inquiries regarding cyberattacks. To address these issues, the presidents agreed to start expert consultations.
To be sure, the two sides are far from being on the same page and achieving diplomatic progress will not be easy. Russian officials consistently dismiss U.S. accusations of any wrongdoing in cyberspace. But Russia has its own motivations for bilateral dialogue on cyber issues. Not least because it suffers from increased digital threats, too. Though Russia has faced far fewer ransomware cases, other types of cybercrime are on the rise. This fall, Russian financial organizations have been hit by a wave of major DDoS attacks, and Russian tech giant Yandex claimed it was hit by the largest recorded attack ever. Even more important, Moscow is eager to negotiate a broader range of cyber issues with Washington, including in the military domain.
So far both sides have offered few details on the outcomes of bilateral cybersecurity consultations launched after the Geneva summit. Russian diplomats have signaled a willingness to talk about ransomware, although not exclusively. While FBI Deputy Director Paul Abbate said he saw “no indication” that Russia has gone after ransomware actors, Russian sources welcomed resumed information sharing with U.S. counterparts. A senior Biden administration official confirmed the United States was sharing information on ransomware activity with Russia and noted that Russian authorities had “taken initial steps.”
Although the slow pace of bilateral diplomacy could make some in the United States skeptical about the Kremlin’s willingness to address ransomware and the benefits of further engagement, there are three reasons why inviting Russia to join the multilateral Counter-Ransomware Initiative is a worthy idea.
First, Russia will have more incentives to cooperate on fighting ransomware if the new initiative is framed as a joint effort in the face of a common challenge rather than a U.S.-led coalition that considers Russia part of the problem. Explicit statements by Biden and his senior officials explicitly saying that they did not consider the Russian government responsible for the attack on Colonial Pipeline helped put cybersecurity at the top of the Geneva summit’s agenda. Because Biden seeks to ensure that Moscow subscribes to international standards on countering ransomware, it should share ownership of the process where such standards are elaborated.
Second, Russian law enforcement could significantly contribute to the investigation and prosecution of ransomware attacks. Russia and the West have rarely worked together on policing cyberspace—and some past experiences have left Washington officials skeptical about assistance from Moscow. But a few cases show the potential for tangible results from cooperation. In 2004, for example, the Russian Ministry of Interior assisted the British National Hi-Tech Crime Unit in bringing to justice a gang that had extorted sports-betting websites in the United Kingdom, causing an estimated $3 million in damage. In 2010, Russia’s Federal Security Service, at the FBI’s request, arrested several individuals involved in the $9-million breach of the Royal Bank of Scotland. According to the Dutch Team High Tech Crime, the Netherlands provided Russia information in 2016 about cybercriminals, who were then arrested.
Moreover, because the U.S. initiative seeks to go after ransomware financing, Russia’s long track record of cooperating with international partners to combat money laundering and the financing of terrorism will be relevant. Russia is a member of important multilateral mechanisms focused on these challenges, including the Financial Action Task Force and Council of Europe’s MONEYVAL. A 2019 evaluation of Russia’s measures in this field highlighted “excellent use” of its financial intelligence in investigations. In early 2021, the head of Rosfinmonitoring, Russia’s financial intelligence service, announced that it was developing a tool to track criminal cryptocurrency transactions. These capabilities could be put to good use in tracing proceeds from cybercrime.
Third, targeted cooperation to counter ransomware could be beneficial to cyber diplomacy on a global scale. When it comes to all things cyber, Russia and the United States have been major norm entrepreneurs at the UN. Their positions often collide, but their agreement is crucial to moving the conversation forward. This year, an expert committee began work on drafting a new cybercrime convention, something long advocated by Russia to replace the 2001 Budapest Convention and, conversely, opposed by the United States and its allies. Nonetheless, both sides are represented in the committee and will have to deliver the document by September 2023.
Having Russia join the collective effort on ransomware will not bridge all the differences. It will, however, shape a better understanding among participants of what is possible in practice and help build much-needed trust for future talks.