US President Joe Biden has spoken to Russian President Vladimir Putin and asked him to take action to disrupt groups operating in Russia that Washington claims are behind recent ransomware attacks in the United States.
In the phone call on Friday, Biden “underscored the need for Russia to take action to disrupt ransomware groups operating in Russia,” according to a White House readout.
Biden also warned that the United States would “take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge,” according to the White House.
The conversation came after a ransomware attack last week on software company Kaseya impacted up to 1,500 companies. US Cybersecurity experts have attributed the attack to the Russian-based “REvil” cyber group.
“Based on a combination of the service providers reaching out to us for assistance along with the comments we’re seeing in the thread we are tracking on our Reddit, it’s reasonable to think this could potentially be impacting thousands of small businesses,” according to John Hammond, a cybersecurity researcher at Huntress Labs.
Later on Friday, Biden held a press conference where he talked about the phone call.
“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” he said.
“Secondly, that we have set up a means of communication now on a regular basis to be able to communicate to one another when each of us thinks something is happening in the other country that affects the home country. It went well, I went optimistic," he added.
Biden also suggested that there would be consequences for the ransomware attacks, without elaborating what exactly he meant.
Meanwhile, White House press secretary Jen Psaki told reporters on Friday that the Biden administration does not have new information suggesting the Russian government directed recent ransomware attacks but said, “we also know and we also believe that they have a responsibility … to take action.”
But she added that the US government knows REvil “operates in Russia and other countries around the world.”
“His intent was to make clear and reiterate again that ... ransomware attacks by criminal groups on entities in the United States is not acceptable and that we reserve the right to take action,” Psaki said, referring to the US president and his conversation to the Russian leader.
last week, it was reported that hundreds of American companies were hit by the new ransomware attack, setting off alarm bells among US cybersecurity officials who have been increasingly rattled by a new wave of cyberattacks targeting broad sectors of the US economy.
The cyberattack, which is suspected to have been launched by the same group that hit meat supplier JBS Foods this spring, infiltrated a major software company called Kaseya and compromised hundreds of its IT management clients.
The cyberattackers, whom US cybersecurity experts said likely operated out of Russia, managed to smuggle ransomware onto the network platform of Kaseya, whose signature VSA software is widely used by IT management companies and other businesses around the world.