White House Vows To ‘Take Action’ Against Russia-Based Cybercriminals if Kremlin Doesn’t
A White House spokesperson said on Tuesday that while the U.S. intelligence community has not yet fully determined whether Russia is behind the recent ransomware attack targeting Miami-based software firm Kaseya, the Biden administration believes Russian authorities “have a responsibility” to crack down on cybercriminals operating from within their country and, if Moscow doesn’t, Washington will “take action.”
“As the president made clear to President Putin when they met, if the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own,” White House press secretary Jen Psaki said at a briefing.
The Russia-based REvil ransomware gang, also known as Sodnokibi, has taken credit for the attack on Miami-based software firm Kaseya, in a message posted on their dark web blog, according to The Record. The group said it had infected over a million systems and is demanding $70 million to publish a decryption tool that will allow the victims to recover from the attack.
Huntress Labs has attributed the attack to REvil, saying in an analysis that, “based on the forensic patterns, ransomware notes and the TOR URL, we strongly believe a REvil/Sodinokibi RaaS affiliate is behind these intrusions.”
REvil was behind the ransomware attack that disrupted operations at JBS Foods in May, according to the FBI.
At the White House briefing, a reporter asked Psaki, “If this is attributed to REvil and they decide that it’s based in Russia, is the president’s view that the response will be proportional to just taking that actor offline or actually direct it at the Russian state instead for harboring?”
Psaki responded by saying it is the Biden administration’s view that even if it is just criminal entities “without the engagement of the Russian government” that are behind the attack, Russian authorities “still have a responsibility.”
“The intelligence community has not yet attributed the attack,” Psaki continued, adding, “the cybersecurity community agrees that REvil operates out of Russia with affiliates around the world, so we will continue to allow that assessment to continue.”
President Joe Biden said over the weekend that “initial thinking was it was not the Russian government, but we’re not sure yet.” He added that the intelligence community was investigating, and if they determine that “it is either with the knowledge of and/or a consequence of Russia,” then “we will respond.”
Psaki said that talks on cybersecurity between the U.S. government and Russian officials have continued since Biden met Russian President Vladimir Putin in Switzerland several weeks ago, and that an expert-level meeting between the two sides on ransomware issues is planned for next week.