U.S. President Joe Biden warned his Russian counterpart Vladimir Putin to take action against ransomware attacks originating from the country.
During the phone conversation, Biden warned that the United States would hold Russia accountable for such attacks, even if they were not directly authorized by the Kremlin.
Further, Biden said Washington would take any necessary action to defend citizens and critical infrastructure from Russia-based attacks.
Biden warns of consequences for ransomware attacks launched from Russia
Biden warned the Russian president that there would be consequences for ransomware attacks originating from Russia but hoped it wouldn’t come to that.
The stern warning came as the Russian-based REvil ransomware gang took responsibility for the Kaseya supply chain attack that affected about 1,500 organizations. Victims include a software vendor contracted by the Republican National Committee (RNC).
The ransomware gang was also responsible for the JBS ransomware attack that cost the company $11 million. REvil is currently demanding $70 million to decrypt more than $1 million systems affected.
Biden reiterated the “need for Russia to take action to disrupt ransomware groups operating in Russia.” He, however, indicated that he was “committed to continued engagement on the broader threat posed by ransomware.”
The president listed sixteen critical sectors that, if attacked, would warrant a response. The president said it would take between six months to a year to determine if the two countries had “strategic dialogue that matters.”
However, he was optimistic that he would receive the necessary cooperation to address the threat of Russian-based ransomware attacks.
“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil even though it’s not sponsored by the state, we expect them to act if we give him enough information to act on who that is,” Biden said.
Additionally, the president said he created a means of communication to discuss events in the other country that affected the home country. When asked about kicking the campaign a notch higher by attacking servers used in ransomware attacks, Biden answered affirmatively.
A White House official addressing the matter refused to elaborate on the type of action that the Biden administration was pursuing.
However, he assured the public that some of the actions would be “manifest and visible” while others would be invisible. Additionally, he disclosed that the administration was seeking “multiple, specific requests for action” on the ransomware threat posed by Russian gangs.
White House Press Secretary Jen Psaki said there was no evidence linking the Russian government to the latest ransomware attack.
She also noted that the REvil ransomware gang operated not only from Russia but also in other countries. She described Biden’s call to Putin as his willingness to cooperate while being candid when there was disagreement.
Kremlin denies talks over ransomware attacks
Kremlin, however, contradicted Biden’s claims saying that both parties held talks over ransomware attacks. The Wall Street Journal quoted Kremlin saying that the two presidents discussed how to “jointly suppress criminal acts in the information space.” The Kremlin also said that Russia had expressed its willingness to cooperate, but U.S. law enforcement had not approached the Russian authorities on the issue.
Biden had earlier urged Putin to take action against ransomware gangs operating from Russia when the two met in Geneva last month.
That conversation followed two major ransomware attacks on Colonial Pipeline and the largest meat handler JBS. Both ransomware attacks were carried out by cybercriminals based in Russia.
Ilia Kolochenko, Founder, CEO, and Chief Architect of ImmuniWeb warns against retaliatory cyber attacks against the suspected perpetrators.
“Counter-attacks against sovereign states, performed without a convincing attack attribution based on sound evidence of the original aggression, will contradict Tallinn Manual and will likely violate international law,” Kolochenko said. “Moreover, any attacked countries will probably retaliate with nation-backed hacking campaigns that may rapidly create chaos and national disaster by damaging critical infrastructure including hospitals, airports, gas or water supply chains.”
He adds that western economies would suffer tremendously from the ensuing cyberwar considering their reliance on digitalized economies.
“Importantly, counter-operations in digital space will not treat the root cause of ransomware: largely ignored cybersecurity hygiene, omnipresent carelessness, and underestimation of cyber risks. The money spent on offensive operations would be better off spent on hardening national cyber-defense capacities including the creation of cybersecurity awareness and support programs for SMEs.
“Finally, to catch up with the EU, the US should finally consider implementing federal data protection and privacy law that has been expected for over a decade. Prevention, regulation and cyber defense is a key to sustainable protection of any country, while cyberwar is a reliable recipe to multiply losses and bring no desired outcomes.”