President Joe Biden said last Friday that there will be consequences for ransomware attacks against U.S. businesses and infrastructure coming from criminal groups inside Russia and a senior administration official said later that U.S. actions will be coming shortly.
Biden called Russian President Vladimir Putin on Friday to discuss the ongoing ransomware attacks against U.S. businesses, the latest coming just over a week ago from a Russia-based group called REvil that affected more than a thousand businesses worldwide.
“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” Biden said in response to a reporter’s question about the phone call. “And secondly, we’ve set up a means of communication now on a regular basis to be able to communicate with one another when each of us thinks something is happening in another country that affects the home country. And so, it went well. I’m optimistic.”
In June, Biden highlighted for Putin during a meeting in Geneva, Switzerland that the U.S. has significant cyber capability and it will be used if Russian continues to violate norms of behavior in cyberspace. Asked by a reporter on Friday if there would be consequences, Biden answered “Yes.”
Later Friday, a senior Biden administration official told reporters “We’re not going to telegraph what those actions will be precisely. Some of them will be manifest and visible. Some of them may not be. But we expect those to take place in the days and weeks ahead.”
The meeting in Geneva followed a ransomware attack in early May by a Russia-based criminal group called DarkSide against U.S. pipeline operator Colonial Pipeline. The cyber-attack only locked up Colonial’s administrative computer networks, but the company as a precautionary measure shutdown its pipelines, leading to fuel shortages along the East Coast and Mid-Atlantic regions of the U.S.
The pipeline operator began a return to operations about a week after the attack.
Biden is under increasing pressure to act on the ransomware attacks. The hack by REvil followed another recent attack by the group against the U.S. subsidiary of a Brazilian meatpacking company.
Following the meeting in Geneva, the president said it could take six months to a year before he knows if the U.S. and Russia have reached a “cybersecurity arrangement that begins to bring some order.”
The senior administration official also pointed out that the U.S. and its allies and partners need to bolster their cyber resiliency and the challenge of cryptocurrencies needs to be addressed. The use of cryptocurrencies enables criminal organizations to hide the money trail when ransoms are paid, making it difficult to track down the perpetrators of crimes.
“So, this is a broad campaign and won’t have an immediate on-off effect like a light switch but we’re going to have to stay on top of this over a period of time and remain focused on it,” the official said.
Rep. John Katko (R-N.Y.), the ranking member on the House Homeland Security Committee, told Bloomberg TV on Friday that the U.S. has to “send a very strong, even disproportionate, message to Russia that we’re not going to tolerate this” or the ransomware attack will continue.