Friday’s call comes just three weeks after the ransomware onslaught dominated their first summit, in Geneva. Shortly after that meeting, Biden said he told the Russian president he would respond “revolutionally” against Russia if Putin did not take action against groups operating on its territory.
But that three-hour meeting was primarily a general discussion of the issue and an attempt to convince Putin that the presence of Russian cybercriminals is not in Moscow’s interest either. By calling immediately after REvil’s latest attack, he is essentially creating a test of Putin’s willingness to act. But Mr. Biden declined to say whether the US had requested specific action against individuals it believes are part of REvil.
While the United States and Russia have long been interested in state-sponsored attacks – including the SolarWinds espionage by Russia’s elite SVR intelligence agency, or the attack by a military intelligence unit Russian team against the Democratic National Committee and its release of embarrassing emails in 2016 – ransomware attacks of a different nature. Administration officials fear that, if left unaddressed, they could cripple key sectors of the US economy. And they suspect that the Russian authorities are tolerating the groups — and sometimes digging into their talent pool for intelligence and other cyber operations.
The White House has blamed a Russian ransomware group, DarkSide, for the attack on the Colonial Pipeline that halted deliveries of gasoline and jet fuel to the East Coast this spring. REvil is believed to be behind the attack on one of the country’s largest meat processors, JBS, which briefly halted production at the end of May. The company paid REvil $11 million in crypto.
But the REvil attack over the July 4 holiday was an escalation, officials said, not just because of its timing, following the Geneva summit, but because of the unusually advanced attack. in terms of technique and aggressive range. Instead of targeting one company directly, REvil infiltrated a Florida tech company that had high-level access to tech companies serving thousands of others. If the company, Kaseya, doesn’t catch the attack quickly, the consequences could be catastrophic, officials and cybersecurity experts said.
Mr. Biden’s challenge to Mr. Putin could pose a major credibility test in the coming weeks – and further escalate a series of Cold War-like confrontations between the United States and Russia, currently underway. out in cyberspace, not through the Berlin Wall.
Until recently, the US largely viewed ransomware as a criminal problem, pointing to the top actors if they could identify them. Few have ever seen the inside of an American courtroom.