The Biden administration has been in touch with “a high level of Russian officials” following Friday’s ransomware attack on thousands of organizations around the world, White House press secretary Jen Psaki said. It is believed to be the single biggest ransomware attack yet.


What You Need To Know

  • The Biden administration has been in touch with “a high level of Russian officials” following Friday’s ransomware attack on thousands of organizations around the world, White House press secretary Jen Psaki said

  • While cybersecurity researchers have blamed REvil, a Russian cybercriminal group, Psaki said U.S. intelligence officials have not yet completed their assessment

  • But the White House spokeswoman said Tuesday there have been ongoing expert-level talks between Russia and the U.S. since President Joe Biden raised the issue of cyberattacks during his summit with Russian President Vladimir Putin last month

  • President Biden said that the attack "appears to have caused minimal damage to U.S. businesses" after a meeting with his national security team, but said that he would have more to say on the attack in the coming days

While cybersecurity researchers have blamed REvil, a Russian cybercriminal group, Psaki said U.S. intelligence officials have not yet completed their assessment.

But the White House spokeswoman said Tuesday there have been ongoing expert-level talks between Russia and the U.S. since President Joe Biden raised the issue of cyberattacks during his summit with Russian President Vladimir Putin last month. Another meeting focusing on ransomware is scheduled for next week, she said.

Biden has called on Putin not only to refrain from launching cyberattacks but also for Russia to refuse to harbor such criminals.

“We're not saying they're coming from the government or directed from the government, but even with those actors, they have a responsibility,” said Psaki, who did not go into detail about the talks. 

The press secretary also said Biden on Wednesday will convene key leaders from the State, Justice and Homeland Security departments, as well as other intelligence agencies, to discuss ransomware attacks and how to respond to them. 

“What he had asked the team to do several weeks ago was to review and assess what our options are and how we can better again put in place partnerships with the private sector, best practices, what levers we have from the federal government, including disruption of ransomware infrastructure and actors,” Psaki said.

Later Tuesday, President Biden said that he received an update on the attack from his national security team and said it "appears to have caused minimal damage to U.S. businesses."

Biden said that he would have more to say in the coming days, but added: "I feel good about our ability to be able to respond."

More details emerged Monday from the attack. The criminals essentially used a tool that helps protect against malware to spread it globally.

Thousands of organizations — largely firms that remotely manage the IT infrastructure of others — were infected in at least 17 countries. 

Because the attack came just as a long Fourth of July weekend began, many more victims were expected to learn their fate when they return to the office Tuesday.

REvil is best known for extorting $11 million from the meat processor JBS last month. Security researchers said its ability to evade anti-malware safeguards in this attack and its apparent exploitation of a previously unknown vulnerability on servers owned by the software company Kaseya reflect the growing financial muscle of REvil and a few dozen other top ransomware gangs whose success helps them afford the best digital burglary wares. Such criminals infiltrate networks and paralyze them by scrambling data, extorting their victims.

REvil was seeking $5 million payouts from the so-called managed service providers that were its principal downstream targets in this attack, apparently demanding much less — just $45,000 — from their afflicted customers.

But late Sunday, it offered on its dark web site to make available a universal decryptor that would unscramble all affected machines if it's paid $70 million in cryptocurrency. Some researchers considered the offer a PR stunt, while others thought it indicates the criminals have more victims than they can manage.

A wide array of businesses and public agencies were affected, including in financial services and travel, but few large companies were hit, the cybersecurity firm Sophos said. Sweden, the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya were among countries affected, researchers said.

In a statement Sunday, deputy U.S. national security adviser Anne Neuberger urged all victims to alert the FBI. A day earlier, the FBI said in an alert that the attack's scale "may make it so that we are unable to respond to each victim individually."

Psaki said the U.S. policy of advising companies not to pay ransoms has not changed, although JBS and Colonial Pipeline are among those who have relented.

“Companies paying ransomware … incentivizes bad actors to repeat this behavior,” she said.

Kaseya said in a prepared statement that it believed only about 800 to 1,500 of the estimated 800,000 to 1,000,000 mostly small business customers of companies that use its software to manage IT infrastructure were affected by the attack.

However, cybersecurity experts said it was too early for Kaseya to know the true impact of Friday's attack.

"Given the relationship between Kaseya and MSPs (managed service providers), it’s not clear how Kaseya would know the number of victims impacted. There is no way the numbers are as low as Kaseya is claiming though," said Jake Williams, chief technical officer of the cybersecurity firm BreachQuest.
