The ransomware attacks on meatpacker JBS and Colonial Pipeline are prompting the Biden administration to confront nations such as Russia and China on harboring hackers who cause major disruptions overseas.
The back-to-back attacks from groups based in Russia are raising the stakes for this month’s summit between President Biden and Russian President Vladimir Putin, the first face-to-face meeting for the two leaders since Biden took office.
“This will certainly be a topic of discussion, that harboring criminal entities that are intending to do harm, that are doing harm to the critical infrastructure in the United States, is not acceptable,” White House press secretary Jen Psaki told reporters at the White House on Wednesday. “We are not going to stand by that, we will raise that, and we are not going to take options off the table.”
She stressed that the administration had raised concerns over the multiple Russian-linked attacks on U.S. critical organizations with Moscow and that protecting critical infrastructure was “of the utmost national security importance.”
“We believe that responsible states do not harbor ransomware criminals,” Psaki said.
The concerns around the Kremlin’s treatment of cyber criminals comes after months of escalating cyberattacks linked to Russia.
Last month’s ransomware attack on Colonial Pipeline, which supplies around 45 percent of the East Coast’s fuel, forced the company to shut down operations for a week and led to widespread fuel shortages.
The FBI later confirmed the “DarkSide” ransomware variant had been used to attack the company, with Biden announcing the hackers behind the attack were likely based in Russia but not backed by the Kremlin.
Microsoft assessed last week that the Russian hackers believed to be responsible for the earlier SolarWinds attack, which compromised nine federal agencies, were behind a new effort to target hundreds of organizations by exploiting an email application used by the U.S. Agency for International Development.
Further underlining the threat, White House principal deputy press secretary Karine Jean-Pierre told reporters Tuesday that JBS USA had informed the administration that it believed Russian-based hackers were behind a ransomware attack that hit the company this week. JBS USA is the largest supplier of beef in the country, and all U.S. plants were forced to shut down Tuesday due to the disruptions from the hack.
The FBI on Wednesday said a Russia-linked group was responsible for the attack.
Biden stressed last month plans were underway to put pressure on Russia to take action.
“We are working to try to get to the place where we have an international standard that governments knowing that criminal activities are happening in their territory, that we all move on those criminal enterprises, and I expect that is one of the topics I will be talking about with President Putin,” Biden said as part of a sspeech at the White House.
Jean-Pierre told reporters Tuesday that this effort was part of a multipronged strategy to combat ransomware attacks, which included “building an international coalition to hold countries who harbor ransom actors accountable.”
“Combating ransomware is a priority for the administration. President Biden has already launched a rapid strategic review to address the increased threat of ransomware,” Jean-Pierre said.
Multiple agencies are involved, with the Justice Department establishing a ransomware task force in April, and the Department of Homeland Security highlighting the attacks as the first major cyber-related priority to address.
Still, Biden has come under criticism for not taking a tougher stance against Putin in other areas, particularly after waiving sanctions against the Russian company behind the Nord Stream 2 pipeline and its CEO Matthias Warnig, an associate of Putin’s.
While the recent hacks have largely been tied to Russian-based hackers, the country is not the only one to come under pressure.
China has also been accused of harboring cyber criminals and doing little to rein in their activities, particularly as Beijing is increasingly competitive on the world stage in a number of sectors. North Korea and Iran, two other nations that pose threats to the U.S. in cyberspace, have also been pushed to address cyber criminals within their borders, though U.S. relations with those two countries are virtually non-existent.
The Justice Department last year indicted two Chinese hackers who they say targeted hundreds of companies worldwide, including groups researching COVID-19 vaccines and treatments.
John Demers, assistant attorney general for the agency’s National Security Division, said in announcing the indictments that actions of the Chinese government in protecting the defendants ran “afoul of norms of acceptable state behavior in cyberspace, which the international community must address.”
“China has now taken its place, alongside Russia, Iran, and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state,” Demers said at the time.
Concerns around the dangers of ransomware attacks have grown over the past year as cyber criminals increasingly take aim at organizations like hospitals and schools that are more likely to pay a ransom to regain access to their systems.
Amit Yoran, chairman and CEO of cybersecurity group Tenable, said that if the international community does not come together to address the ransomware threat, there could be “catastrophic damages.”
“Cyberattacks do not stop at national borders and we cannot overlook the importance of making cybersecurity a critical component of international cooperation,” Yoran told The Hill on Wednesday. “The U.S. and our allies must work together on cybersecurity policy standards that ensure no government or nation can harbor cyber criminals.”
The Institute for Security and Technology’s Ransomware Task Force, made up of cybersecurity experts from government and industry, released a report in April detailing steps the U.S. should take to confront the threat from ransomware attacks. One top recommendation was to use a “carrot and stick approach” to confront nations harboring ransomware criminals.
Megan Stifel, one of the co-chairs of the task force and the executive director for Americas at the Global Cyber Alliance, told The Hill that an “international coalition of the willing” was needed to put pressure on countries like Russia and China to not allow cyber criminals to operate from within their borders.
“There needs to be an international effort, prioritized and driven by top-level partner nations, to identify ransomware as an international priority and national security risk,” Stifel said.
With Biden slated to meet with Putin in two weeks, and cybersecurity set to be high on the agenda, Stifel said that while it could be helpful to have the two leaders meeting, more would be needed to pressure Russia and other nations to crack down on cyber criminals.
“What would make any such public statements even more effective is if the administration is working diplomatic channels to say to our partners and allies, ‘This is what happened, we really need you to come along with us and highlight the problem that this is for the international community,’ and similarly state to Putin and the others that this type of behavior will no longer be tolerated,” Stifel said.