Russian President Vladimir Putin and U.S. President Joe Biden may have agreed to develop a cyber-security arrangement, but progress is likely to be complex after both sides disagreed about who was to blame for the growing problem of ransomware. Biden says he gave Putin a list of 16 specific critical entities that should be considered “off-limits” from future cyber-attacks. However, Putin told reporters that the Colonial Pipeline attack and others have “nothing to do with Russian authorities,” the BBC reports. Putin also claimed he had been told by U.S. sources that most cyber-attacks originate from the U.S., and that Russian attempts to get information about attacks originating from the U.S. are being ignored. The anonymous nature of the cyber world means it is hard to know exactly who is doing the attacking and from where. However, over the last few years a pattern has been observed by experts. “The intelligence and research community believes that the attacks are coming from former Soviet block countries, namely Russia, Ukraine, and others”, says former Russian hacker and now cyber-security expert Dmitry Smilyanets. In 2019, two Russian individuals were indicted by U.S. and U.K. authorities accused of running the Evil Corp ransomware gang but both men remain free in Russia. Putin told reporters that Russia regularly faces ransomware attacks and cited the example of a Russian healthcare service being hit by hackers, which he claimed was carried out by U.S. hackers. The reason there are so few ransomware attacks on Russia and the former Soviet states is often put down to the much discussed “One Rule” of Russian hacking, which means you can go after anyone as long as they are not on friendly soil. But there’s no doubt that ransomware gangs are operating in many other countries. Hackers in North Korea for example were responsible for the most serious ransomware attack in history that affected hundreds of NHS hospitals in the U.K. in 2017. On the same day as the Geneva summit, six suspected criminals were arrested in Ukraine for alleged links to a ransomware group called Clop. They are accused of being involved with attacks against organizations in the U.S. and South Korea. Another suspected hacker was arrested in Canada in January for his alleged involvement with another ransomware group called Netwalker. However, none of these recent arrests is thought to have seriously harmed the core criminal enterprises of well-funded ransomware networks.