Biden warns Putin on Russian ransomware attacks

President Biden spoke by phone with Russian President Vladimir Putin on Friday and urged him to take action to disrupt criminal groups operating in Russia that are behind recent ransomware attacks in the United States.

Biden also warned that the U.S. would “take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge,” according to a White House readout.

The conversation came after a ransomware attack last week on software company Kaseya impacted up to 1,500 companies, many of which were vulnerable small businesses in the U.S. Cybersecurity experts have attributed the attack to the Russian-based “REvil” cyber criminal group. However the Biden administration has not yet formally attributed the attack.

“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” Biden later told reporters when asked about the phone call.

“Secondly, that we have set up a means of communication now on a regular basis to be able to communicate to one another when each of us thinks something is happening in the other country that affects the home country. It went well, I went optimistic,” he added.

Asked if there would be consequences for the ransomware attacks, Biden answered in the affirmative without elaborating.

A senior administration official told reporters Friday that while the U.S. will not “telegraph” what actions, if any, are taken, there will likely be some form of response.

“Some of them will be manifest and visible, some of them may not be, but we expect those to take place in the days and weeks ahead,” the official said.

White House press secretary Jen Psaki told reporters at a press briefing Friday that the U.S. government does not have new information suggesting the Russian government directed recent ransomware attacks but said, “we also know and we also believe that they have a responsibility … to take action.”

She added that the U.S. knows REvil “operates in Russia and other countries around the world.”

Psaki declined to specify what options are on the table. Biden levied sanctions in April against Russia as a response to the SolarWinds hack. 

“His intent was to make clear and reiterate again that … ransomware attacks by criminal groups on entities in the United States is not acceptable and that we reserve the right to take action,” Psaki said.

The call came a month after Biden and Putin met in person in Geneva to discuss a range of issues, with cybersecurity concerns at the top of the list. During the meeting, Biden gave Putin a list of 16 critical infrastructure entities that Russia could not attack without consequences, and warned him against allowing further malicious cyber activities against the United States.

“President Biden also spoke with President Putin about the ongoing ransomware attacks by criminals based in Russia that have impacted the United States and other countries around the world,” the White House readout of Friday’s conversation between the two leaders said. “President Biden underscored the need for Russia to take action to disrupt ransomware groups operating in Russia and emphasized that he is committed to continued engagement on the broader threat posed by ransomware.” 

The readout also said that the two leaders “commended the joint work of their respective teams following the U.S.-Russia Summit that led to the unanimous renewal of cross-border humanitarian assistance to Syria today in the UN Security Council.” 

Psaki said the call was an example of Biden’s willingness to work with Russia on areas of agreement while being “being clear and candid and forthright when there is disagreement.” 

Tensions between the U.S. and Russia have ramped up over the past six months in the wake of several cybersecurity incidents either linked to the Russian government or to Russian-based cyber criminal groups.

The SolarWinds hack, first discovered in December, resulted in nine U.S. federal agencies and 100 private sector groups breached. U.S. intelligence agencies attributed the attack to Russian-government backed hackers.

In addition, debilitating ransomware attacks in May on Colonial Pipeline, which supplies 45 percent of the East Coast’s fuel supply, and on JBS USA, the nation’s largest beef provider, were attributed by the FBI to two separate Russian-based cyber criminal groups. 

Updated at 4:27 p.m.