President Biden downplayed damage from the massive ransomware attack targeting hundreds of US companies during the fourth of July weekend, saying it inflicted only “minimal damage” on American businesses while refusing to place the blame on Russia for the global breach.
“I can tell you a couple of things. I received an update from our national security team this morning. It appears to have caused minimal damage to U.S. businesses, but we’re still gathering information to the full extent of the attack. And I’m going to have more to say about this in the next several days,” Biden told reporters Tuesday.
“We’re getting more detail and information. But that’s what I can tell you now. And I feel good about our ability to be able to respond,” Biden added.
At least 200 US companies were hit by a major cyberattack on Friday. The “colossal” ransomware attack, one of the largest attacks in history, occurred first at Kaseya, a Florida-based IT company, and spread through the corporate networks that use its software. Across the globe, well over 1,000 companies were targeted, causing severe disruption in supermarkets opening and schools.
A Russian-linked cyber-criminal group — REvil, has taken responsibility for the cyberattack, demanding $70 million in Bitcoin to undo the system shutdown damage. The FBI named the gang for the JBS hack in May that paralyzed operations of the world’s largest meat supplier.
“On Friday, we launched an attack on [managed service providers]. More than a million systems were infected,” REvil posted on the Dark Web site Happy Blog that was written in broken English.
The newest attacks appeared to cross the red lines set by Biden following last month’s high-stakes summit with Russian President Vladimir Putin. During the summit, Biden demanded that the Russian leader rein in ransomware activities against the United States but presented Putin with a list of 16 critical infrastructure sectors that are “off-limits” to cyberattacks and, if attacked, would provoke a response.
White House press secretary Jen Psaki said earlier Tuesday also refused to attribute the attack to Russia, saying it would be “disproving a negative” since the intelligence community has “not yet attributed the attack.”
“I would say it’s a little bit like disproving a negative there. Because — what we’re talking about here is ransomware attacks from likely criminal actors. Again, it hasn’t been fully attributed yet, so we’re getting a little bit ahead,” Psaki said when asked if there was any evidence that Putin has attempted to curb ransomware attacks originating in Russia.
“Now, in this case, the intelligence community has not yet attributed the attack. The cybersecurity community agrees that REvil operates out of Russia with affiliates around the world, so we will continue to allow that assessment to continue. But in our conversations, and we have been in touch directly — we are continuing to convey that message clearly,” Psaki added.
Psaki also said that senior US officials are expected to meet with their Russian counterparts next week for an “expert-level meeting” to discuss the ransomware attacks. Talks between the U.S. government and Russian officials have continued following the Biden-Putin summit.</p>
“I will just reiterate a message that these officials are sending. As the President made clear to President Putin when they met, if the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own.
On Wednesday, Biden plans to convene leaders from the State Department, Justice Department, Homeland Security Department, and the intelligence community to discuss ransomware attacks and “our overall strategic efforts to counter it.”