President Joe Biden looks at Russian leader Vladimir Putin during their meeting in Geneva, June 16, 2021 (Getty)
President Joe Biden warns Russian leader Vladimir Putin that the Kremlin must soon halt the groups carrying out ransomware attacks on the US.
Biden said in a Friday phone call that the attacks will be treated as national security threats.
“I made it very clear to him that the United States expects, when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” the President told reporters.
Later he replied, “Yes”, to the question if American agencies might attack servers used by Russian cybercriminals. US Cyber Command could also freeze bank accounts or seize cryptocurrency wallets.
At their summit in Geneva last month, Biden said the Kremlin must follow the “basic rules of the road” in international relations. He cited past and present behavior on issues such as Ukraine, the attempted assassination and detention of opposition figure Alexei Navalny, and Moscow’s cyber-attacks on the US Government, companies, and infrastructure.
Biden gave Putin a list of 16 critical sectors that are off-limits to any cyber-operations.
But Russian ransomware assaults have continued. Last weekend the group REvil carried out a sophisticated attack. It breached a Florida technology company which gives high-level access to tech firms that service thousands of other companies. The Florida company, Kaseya, detected the attack quickly before there were widespread effects.
REvil is believed to be responsible for May’s operation that briefly shut down one of the largest US meat processors, JBS, before the Russians were paid $11 million in cryptocurrency. Another group, DarkSide, is blamed for the attack on Colonial Pipeline that halted gasoline and jet fuel deliveries on the East Coast this spring, leading to gas shortages and panic buying.
A “senior Administration official” said Washington will now meet the attacks with a series of responses, “Some of them will be manifest and visible. Some of them may not be. But we expect that those take place in the days and weeks ahead.”
Past US responses have been mixed in results. Before the 2020 election, fearing Russian attacks on the vote, US Cyber Command disrupted the criminal group TrickBot. However, the group revived and carried out a ransomware attack on US hospitals, freezing records and prevented timely treatment of cancer patients.
The FBI retrieved more than half of the $4 billion ransom paid by Colonial Pipeline, but has yet to recoup any of the $11 million ransom that REvil collected from JBS