President Joe Biden said on Tuesday the ransomware attack centered on the Florida information technology firm Kaseya seems to have inflicted only “minimal damage” on American businesses. “It appears to have caused minimal damage to US businesses, but we’re still gathering information,” Biden told reporters following a briefing from advisers. “I feel good about our ability to be able to respond.”
Friday’s ransomware attack scrambled the data of hundreds of small businesses worldwide, including many in the United States. REvil, a prolific, Russia-linked cybercrime syndicate, took credit for the breach. The president’s comments follow a statement from Kaseya that the attack never posed a threat to critical US infrastructure, which Biden declared off-limits during a summit with Russian President Vladimir Putin last month. But the attack was another illustration of how cybercriminals believed to be operating from Russia are running amok in the United States. Biden has sought to push Putin to bring Russian cybercriminals to heel, so far to little visible effect.
Last month REvil extorted an $11 million ransom out of meatpacker JBS after snarling its supply chain. In May an intrusion by another Russia-linked group at major US fuel transporter Colonial Pipeline led to panic buying, price spikes, and gasoline shortages up and down the East Coast. The Republican National Committee said on Tuesday it learned over the weekend that third-party provider Synnex had been breached, but an investigation by Microsoft determined that no RNC data had been accessed. White House spokeswoman Jen Psaki said earlier on Tuesday that senior US officials would meet their Russian counterparts next week to discuss the ransomware menace.
“If the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action, or reserve the right to take action, on our own,” she said.
The Russian Embassy in Washington and the US National Security Council did not return messages seeking further details about the meeting. On Wednesday, Biden will meet with officials from the Justice Department, State Department, the Department of Homeland Security, and the intelligence community to discuss ransomware and US efforts to counter it, Psaki said. The hack that struck Kaseya’s clients – many of whom are back-office IT shops commonly referred to as managed service providers – did not have the same kind of impact in the United States as the ransoming of Colonial Pipeline.
Disruption elsewhere was more severe. In Sweden, many of the 800 grocery stores run by the Coop chain are still in the process of recovering from the attack, which knocked out most of its supermarkets, though a spokesman told Reuters “we have more open stores than closed ones now.” In New Zealand, 11 schools and several kindergartens were affected.
Germany’s cybersecurity watchdog, BSI, said on Tuesday that it was aware of three IT service providers in Germany that were affected, with a spokesperson estimating that several hundred companies were touched overall. “In Germany, there are no cases as prominent as the one in Sweden,” the spokesperson added. The hackers who claimed responsibility for the breach have demanded $70 million to restore all the affected businesses’ data, although they have indicated a willingness to temper their demands in private conversations with a cybersecurity expert and with Reuters.
Kaseya’s CEO told Reuters he would not reveal whether his company planned to pay the ransom or not, or even whether it was negotiating with REvil. Psaki said that while the administration discouraged such payments, questions about whether the data would be ransomed should be directed to Kaseya.