‘We expect them to act’: Biden presses Putin on ransomware groups, hints at retaliation
Joe Biden has increased pressure on Vladimir Putin to move against ransomware groups operating from Russia, warning the United States is prepared to respond if cyberhacks are not stopped.
The two leaders held an hour-long phone call on Friday, their first since they discussed ransomware attacks at a summit in Geneva on 16 June. Biden’s message to Putin in the call was direct, suggesting a growing impatience over attacks that have disrupted key US sectors.
“I made it very clear to him that the United States expects, when a ransomware operation is coming from his soil even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” Biden told reporters.
He said the two governments have now set up a means to communicate on a regular basis “when each of us thinks something is happening in another country that affects the home country”.
“And so it went well. I’m optimistic,” he said.
The United States has not indicated how it plans to respond to the attacks emanating from Russia, but Biden hinted at digital retaliation if Russian cooperation was not forthcoming.
Asked by a Reuters reporter whether it would make sense to attack the Russian servers used in such intrusions, Biden paused, smiled and said: “Yes.”
Biden told reporters there would be consequences to Russian inaction, but gave no details. He said a joint meeting had been set for 16 July, adding, “I believe we’re going to get cooperation.”
A senior Biden administration official said a response could come soon. “We’re not going to telegraph what those actions will be precisely – some of them will be manifest and visible, some of them may not be – but we expect those to take place, you know, in the days and weeks ahead,” the official told reporters.
Ransomware is a breed of malicious software that hackers use to hold data hostage in exchange for payment. Cybercriminals have used it to paralyze thousands of American organisations and businesses around the world, setting off a series of increasingly high-profile crises.
Many of the gangs carrying out the ransomware attacks are alleged by American officials and cybersecurity researchers to be operating out of Russia with the awareness, if not the approval, of the government there.
The White House press secretary, Jen Psaki, said on Friday that the United States had no new information suggesting the Russian government directed last week’s ransomware attack on Florida IT firm Kaseya by prolific cybercrime syndicate REvil, but said Moscow had a responsibility to take action against such groups operating in Russia.
Moscow and Washington disagreed over whether the United States had formally sought Russian assistance to rein in ransomware attacks.
A Kremlin statement said Putin told Biden that Russia “had not received any requests from the relevant US departments in the last month despite the readiness of the Russian side to jointly stop crime in the sphere of information”.
The senior Biden administration official disputed this statement, telling reporters in a conference call that multiple requests had been made by the United States to Russia through normal diplomatic channels.
Internet crime has bedevilled US-Russian relations since the 1990s, when American cyber experts first began complaining of spam emails from Russia. But the disruptive power of ransomware has taken the issue to a new level.
In May cybercriminals alleged to be operating from Russia froze the operations of critical fuel transport group Colonial pipeline, setting off gasoline shortages, price spikes and panic buying on the US East Coast.
The following month a different Russia-linked group, REvil, struck meatpacker JBS, briefly disrupting its food supply chain. Last week the same group claimed responsibility for a mass ransomware outbreak centered on Kaseya.