White House organizes virtual global summit to tackle ransomware
A MARTÍNEZ, HOST:
The White House is hosting a virtual gathering with over 30 countries starting today to address the issue of ransomware. Cyber hackers are stealing and locking up important files owned by everyone from pipeline operators to local libraries. For more on this, we're joined by NPR cybersecurity correspondent Jenna McLaughlin. Jenna, so who exactly is invited to this summit?
JENNA MCLAUGHLIN, BYLINE: Hi, A. So it's a big group. You've got everyone from Ukraine and Romania to the United Arab Emirates, Brazil, the list goes on. The White House says they were chosen partially because they've all had issues with ransomware, too. Ukraine, for example, is already helping hunt cybercriminals. Just a few weeks ago, the FBI partnered with international law enforcement to arrest ransomware operators. They posted a video of piles of cash on YouTube. It was a classic sting operation. International law enforcement officials tell me that there's more to come down the line. I also spoke to President Biden's deputy national security advisor for cyber and emerging technology, Anne Neuberger. She says those types of arrests are going to be top of mind this week.
ANNE NEUBERGER: One of the panels will focus on disruption. And these are exactly the kinds of efforts that we have in mind. And certainly the partners who join us around the world are those where potentially there are criminal actors who are in those countries where there is experience in criminal cyber activity.
MCLAUGHLIN: And, of course, there's the question of Russia, where lots of cybercriminals actually live. The White House says that Russia isn't invited this time. They haven't ruled out including them in future summits. Right now the White House is focusing on a separate channel of communication with Moscow. And they say they're seeing some progress. But they're continuing to put pressure on them.
MARTÍNEZ: What does the Biden administration want to get out of this meeting?
MCLAUGHLIN: So the White House isn't sharing a lot about specific agreements it hopes to reach before Thursday. But part of the plan definitely involves the U.S. and others helping their foreign partners get better at following the money - in this case, cryptocurrency - similar to how the Justice Department a few months ago recovered $2.3 million from a Bitcoin wallet for Colonial Pipeline back when it got breached by criminal hackers in May. Additionally, while the White House says the meetings are led by the U.S., other countries are taking point on different sessions. So India is going to lead a panel on digital defense. Australia will take point on the discussion on disrupting criminal hackers - while the UK and Germany will also lead panels.
MARTÍNEZ: I think if we didn't think so a couple of years ago, this year for sure, I think we know how big of a problem ransomware is.
MCLAUGHLIN: Absolutely. It's a huge challenge that everyone's been hearing about. Companies big and small can and have been victims - hospitals, towns, everyone. A recent estimate pegs payments at almost 2 million on average in 2021. And they're going after the big targets, who are the most likely to pay. It's also not the first time that national security officials have gotten interested in seemingly lowly criminals. Back in 2014 the intelligence community got involved in the Sony hack because North Korea was behind it. Now NSA Director General Nakasone is saying that ransomware is a national security threat and that the government is surging against it.
MARTÍNEZ: Wow. Did Anne Neuberger have those same concerns?
MCLAUGHLIN: She did. But she also struck a hopeful tone. She stressed that there's strength in numbers in fighting ransomware.
NEUBERGER: Firstly, there's always hope out there. Now, that being said, we fight ransomware day by day. And it's something where we need many partners. We need American individuals, companies, partners around the world to fight it together.
MCLAUGHLIN: And one last thing Anne Neuberger said - you should always use multifactor authentication.
MARTÍNEZ: Not one, two, three, four, exclamation point?
MARTÍNEZ: That's NPR cybersecurity correspondent Jenna McLaughlin. Thanks lot.
MCLAUGHLIN: Thank you. Transcript provided by NPR, Copyright NPR.