Biden faces ‘counting moment’ over sprawling Russian cyberattack

Russian cybercriminals’ latest massive ransomware attack puts further pressure on President Joe Biden to follow through on his promise to make Moscow pay for turning a blind eye to digital assaults emanating from within its borders .

The cyberattack leaked on Friday on computer management software maker Kaseya, which may have affected up to 1,500 companies whose vendors were using Kaseya’s product, prompted emergency meetings over the weekend between the FBI, DHS Cybersecurity and Infrastructure Security Agency and other agencies, as officials endeavored to assess the extent of the damage.

But while government cyber advocates help affected companies recover their IT systems, senior officials in the Biden administration face a more daunting challenge: pressure Russian President Vladimir Putin to crack down on criminals like the REvil gang that took credit for infecting Kaseya with ransomware.

After two ransomware attacks plague the US gas and meat supply in May, Biden vowed to ‘take action’ potentially thanks to the “significant cyber capacity” of the United States if Russia continued to harbor ransomware gangs in violation of international standards. But REvil’s breach of the holiday weekend of hundreds or thousands of businesses, from Kaseya to his own clients to those business clients, suggests that Putin did not take Biden’s threat seriously.

As details continued to emerge about the range of businesses hacked through Operation Kaseya, Biden and his appointees declined to say whether the attack crossed some kind of red line and remained vague on the next steps for it. administration.

“It appears to have caused minimal damage to American businesses, but we are still collecting information on the full extent of the attack,” Biden told reporters on Tuesday, while promising “to say more about it in the press. next days”.

“I feel good about our ability to respond,” he added.

The story continues

Earlier Tuesday, White House press secretary Jen Psaki told reporters that U.S. and Russian officials have discussed the Kaseya attack at a “high level” and plan to meet next week to discuss ransomware.

“If the Russian government cannot or does not want to take action against criminal actors [residing] in Russia, we will take action… on our own, ”she said.

This response is unlikely to satisfy policymakers who say only bold action can trigger the wake-up call Putin must receive.

“We are facing a moment of deterrence in deterrence,” John Katko (RN.Y.) House Homeland Security ranking member. told the Daily Mail Monday. “Opponents like Russia create havens for bad actors and we have to project force. “

Biden “will summon key leaders” from several agencies, including the State, Justice and Homeland Security departments and the intelligence community on Wednesday, “to discuss ransomware and our overall strategic efforts to counter it,” Psaki said.

So far, Kaseya’s attack appears to be different from May’s digital strikes on Colonial Pipeline and meat-packing giant JBS, at least in one key aspect: It hasn’t affected infrastructure facilities. critics, such as power plants or hospitals, which Biden declared off limits during his June 16 meeting with Putin in Geneva.

In fact, no major US company has yet been identified among the many victims of the Kaseya breach. The most visible impact to date has been the closure of a Swedish supermarket chain. It also sets this attack apart from previous global ransomware outbreaks, which have crippled targets ranging from Pfizer to shipping giant Maersk in recent years.

“In terms of critical consequences on functions, we see nothing at this point,” said a US official who requested anonymity to discuss an ongoing cyber incident.

A second US official said the attack likely did not cross any administration red lines, both because it did not appear to target critical infrastructure and because there was no clear link to it. the Kremlin. But the official also said the administration needs to be clearer with the Russians about what its red lines really are.

In remarks to reporters on Saturday during a trip to Michigan, Biden appeared to focus on whether the Kremlin was directly responsible for the attack. “The initial thought was that it wasn’t the Russian government, but we’re not sure yet,” the president said.

Yet some cyber researchers were quick to call Operation Kaseya a major – and insidious – cyberattack, given that, once again, hackers exploited a trusted software vendor to deliver their malware.

The government “is still trying to understand the extent of the problem,” according to a DHS official, who also requested anonymity given the sensitivity of the subject. “There is currently no way for CISA to know who is affected and by how much. “

Kaseya has been “very sensitive” to federal investigations, the senior US official said, calling the relationship “very good so far.”

Even so, the attack is likely to fuel congressional efforts to demand more reporting on cyber incidents, which experts say is critical to improving the government’s understanding of evolving threats. Biparty group of senators to introduce bill after returning from the upper house from vacation next week, and in the house, Democrats on Homeland Security Committee prepare their own bill.

Alex Ward, Jonathan Custodio and Nahal Toosi contributed to this report.