US calls on Russia to rein in ransomware operators

Speaking to a UN Security Council Briefing focusing on ransomware attacks against healthcare entities last week, the United States has called on Russia to do more to combat cyber criminals operating with apparent impunity on Russian soil.

Anne Neuberger, the US deputy national security adviser, made her statements during a UN Security Council Briefing on Ransomware Attacks against Hospitals and Other Healthcare Facilities and Services, at which the US also presented a joint statement on behalf of dozens of countries addressing the issue.

Neuberger’s address focused on three key areas: the nature of the ransomware threat, particularly concerning healthcare entities, what the US is doing to combat this threat, and finally, the role individual nation-states “must play in confronting this challenge”.

“The reality is that ransomware attacks on hospitals and healthcare systems are a serious threat to international peace and security. They jeopardise lives; they destabilise societies,” Neuberger said during her 8 November address.

“The Security Council, therefore, has a role to play in countering this threat to peace, and in spurring countries to action.”

Neuberger outlined the scale of the threat. There were more than 1,500 attacks in 2023 alone, costing more than US$1.1 billion in ransom payments. However, the costs of attacks on healthcare are more than just financial.

“What does a ransomware attack mean for a hospital? … It means ambulances diverted and other delays in emergency care, cancellation of surgeries, delays to important medical treatments, and breaches of extremely sensitive healthcare records. When directed at blood banks, ransomware attacks can prevent access to life-saving supplies,” Neuberger said.

“Ransomware targeting these facilities can result in major disruptions that jeopardise patient care and access to medications, increase the length of patient stays, force the transfer of patients to other facilities, and cost lives.”

VIEW ALL

According to Neuberger, “dozens of patients” have lost their lives in the US alone, in incidents related to ransomware attacks.

The US and 40 other nations are doing what they can to combat ransomware, Neuberger said, including banning healthcare organisations from making ransomware payments, combating the laundering of funds through virtual asset service providers, and, through USAID, assisting other countries in building cyber resilience to resist the deleterious effects of ransomware attacks.

To combat the threat of ransomware, Neuberger called on every state to “act in accordance with the Framework for Responsible State Behavior in Cyberspace, endorsed by the UN General Assembly repeatedly, and by consensus”.

“By affirming this framework, we have already made commitments to address malicious cyber activities emanating from our territories.

“Under the framework, states should not knowingly allow their territory to be used for internationally wrongful acts using information and communications technologies; and they should respond to appropriate requests to mitigate malicious ICT activity emanating from their territory aimed at the critical infrastructure of another state,” Neuberger said.

The deputy national security adviser added that when threat actors operate from foreign soil, it is incumbent on that state to “investigate and mitigate that activity in line with the framework’s norms, especially when they have been asked to do so”.

This is when Neuberger took direct aim at Russia, known to harbour several high-profile ransomware gangs.

“Yet some states – most notably, Russia – continue to allow ransomware actors to operate from their territory with impunity, even after they have been asked to rein it in,” Neuberger said.

“The developer and administrator of the cyber criminal gang LockBit is Russian national Dmitry Khoroshev, whom our Department of Justice has charged for committing hacking crimes.

“We assess cyber criminals affiliated with the most impactful ransomware variants, like the one that committed the attack against Ascension healthcare, are tied to Russia, based on members’ citizenship, geographic location, claimed allegiance or association with known Russian cyber actors.”

Neuberger also noted that many of these actors use Russian banks and cryptocurrency exchanges and that President Joe Biden had personally called on President Vladimir Putin to take action. Biden warned Putin that if a ransomware attack is launched from Russian soil, it is the Russian government that must take action.

Apparently to no avail.

“Instead of adhering to its UN commitments, Russia continues to harbour these criminals. The United States implores states not to follow Russia’s practice in protecting international cyber criminals, and reiterates our request for states to follow the Framework for Responsible State Behavior in Cyberspace as a matter of upholding international peace and security,” Neuberger said.

To that end, Neuberger issued a final “call to action”.

“Countries that experience a ransomware attack against a hospital should inform the country of origin of the attack and request that they take action in line with their UN commitments regarding responsible state behaviour in cyber space.”

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.