US prepares to act on Russian ransomware attack after Biden-Putin call

Biden told Russian leader the US will take 'any necessary action to defend its people and its critical infrastructure'

Russian-language group REvil has been blamed for recent ransomware attacks. AFP
Powered by automated translation

US President Joe Biden told his Russian counterpart Vladimir Putin on Friday that Washington will take “any necessary action” against recent cyber attacks launched against American infrastructure and companies.

Delivered in a call between the two leaders less than a month after their Geneva summit, the message made it clear the US government will be responding to the ransomware attack that hit American and global companies on July 4. A White House official said actions could take place within days.

“President Biden underscored the need for Russia to take action to disrupt ransomware groups operating in Russia and emphasised that he is committed to continued engagement on the broader threat posed by ransomware,” the White House said.

It added that Mr Biden “reiterated [to Mr Putin] that the United States will take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge”.

On Friday, Mr Biden said he expects Russia to act in hunting down the perpetrators behind the ransomware attack.

“I made it very clear to [Mr Putin] that the United States expects, when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” Mr Biden said.

Asked if there would be consequences from the US side, he said: “Yes.”

In a subsequent call with reporters, a senior White House official said the US would take an array of actions.

“We are not going to telegraph what those actions will be precisely; some of them will be manifested and visible, some of them may not be, but we expect them to take place in the days and weeks ahead,” the official said, speaking on condition of anonymity.

Security and intelligence agencies believe the July 4 attack was launched by a Russian-language group that calls itself REvil, an abbreviation of “ransomware evil”. It hit hundreds of American businesses as well as Kaseya, an international company based in Miami.

Security firm Huntress Labs said last week it believed REvil was to blame for a string of recent ransomware attacks. Last month, the FBI blamed the same group for paralysing meatpacking company JBS SA.

Despite Mr Biden's warning with regard to ransomware, he “commended the joint work of [the] respective teams following the US-Russia summit that led to the unanimous renewal of cross-border humanitarian assistance to Syria today in the UN Security Council".

Updated: July 09, 2021, 8:24 PM