About six months ago, President Joe Biden gave Russian President Vladimir Putin an ultimatum — clamp down on ransomware operators within Russia, or suffer consequences.
"I talked about the proposition that certain critical infrastructure should be off limits to attack — period — by cyber or any other means […] We'll find out within the next six months to a year whether or not we actually have a strategic dialogue that matters," President Biden said.
Yet, it's difficult to tell whether Russian ransomware activity has actually changed based on President Biden's threat. This week, three federal agencies put out new guidance to help businesses prepare for and mitigate Russian state-sponsored attacks on critical infrastructure.
"I think Biden did the exact right thing — send that message clearly, and also be realistic," said Chris Painter, president of the Global Forum on Cyber Expertise and former Obama administration cyber diplomat. "We don't necessarily expect to change overnight, but you expect to change over a period of time. The proof is going to be in the pudding. But to that point, I'm not sure we've seen a lot of proof in the pudding yet."
Russian ransomware gangs are thought to operate with impunity from the Russian government, even though they act mostly for their own financial gain rather than for geopolitical reasons. Thus, there's no guarantee that a directive from the Kremlin will stop these groups from launching cyberattacks.
Cybersecurity experts told Newsy that regardless of whether Russian ransomware gangs are deterred by President Biden's threat, there has been one clear effect: a lull in attacks launched at high-profile targets, like the one on Colonial Pipeline that led to gasoline shortages. This doesn't mean the frequency of attacks has slowed, however.
"The Kremlin put the message out: 'Don't do things to get the headlines,'" said Jim Lewis, former government cyber official and director of the Center for Strategic and International Studies Strategic Technologies Program. "But what I'm told is that the overall rate of ransomware attacks hasn't gone down; it's just you're not going to see another Colonial Pipeline."
Dr. Eric Cole, CEO of Secure Anchor, said, "Since that meeting, the number of incidents we've done for small to medium-sized companies where the ransom payment is typically below 100K has increased exponentially, and the really big attacks have almost disappeared."
"Frankly, there's also a sense for the ransomware groups that they don't want their heads up that high, either," Painter said. "I mean, they want to make money. They don't want to be the focus of all this attention. So that may be in part why we haven't seen those infrastructure attacks as much, but I don't think that means they're off the table or we're not going to see them again."
Looking forward, foreign policy experts told Newsy that whether the U.S. sees more Russian-born ransomware attacks will also depend on how other U.S.-Russia negotiations fare.
"If negotiations go south, as many expect them to on issues like NATO's enlargement and guarantees about Ukraine's recession — and whatever happens militarily in Ukraine — Russia could say, 'Well, we negotiated in good faith on cybersecurity; we didn't get what we wanted, and we didn't get what we wanted on anything else, so, it's not our fault,'" said David Salvo, deputy director at the Alliance for Securing Democracy and former foreign service officer in Russia.