President Joe Biden pushed Russian President Vladimir Putin to disrupt ransomware groups operating within Russian borders in a phone call Friday, according to a White House statement.
“I made it very clear to him that the United States expects [that] when a ransomware operation is coming from his soil even though it’s not sponsored by the state, we expect [Russia] to act if we give them enough information to act on who that is,” Biden told reporters after the call.
The call came on the heels of the latest major cyberattack against a U.S. company. REvil, a ransomware group believed to be in Russia, hit Florida-based IT software company Kaseya last week. Researchers have suggested that the hack affected between 1,500 to 2000 companies.
The Kremlin says it has not received any official requests from U.S. law enforcement to take action regarding recent cyberattack. A senior White House official responded by saying it has relayed multiple, specific requests for action.
Biden’s call with Putin was meant to assess which actions the Russian government is willing to take against hackers in order for the U.S. to craft a response, the official told reporters. The official declined to comment on any steps the administration has directed or plans to direct U.S. intelligence agencies to take.
The White House has emphasized to Russia in recent days that Biden reserves the right to “take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge,” the official said.
REvil claimed responsibility for the attack in a post on its blog on July 2. U.S. officials have not officially attributed the attack to the group, however.
Attackers initially demanded $70 million in ransom, though it remains unclear if any victims have agreed to such a request. Known victims of the attack on Kaseya include multiple local governments, Swedish grocery chain COOP, international textile company Miroglio Group and several New Zealand schools.
The ransomware group was already in the crosshairs of U.S. intelligence agencies following another breach targeting the international meat supplier JBS in May. Some experts speculated that the Kaseya attack, which hit days prior to the July 4th holiday, could be interpreted as a response to increased scrutiny from the U.S. government.
The group accounts for 42% of known ransomware victims, according to the threat intelligence firm Recorded Future. The group offers its ransomware code as a service to affiliate groups, further expanding its reach in the cybercriminal world.
Ransomware has become an urgent national security issue for the Biden administration.
Before the attacks on Kaseya and JBS, the ransomware group Darkside forced fuel provider Colonial Pipeline to go offline for several days in May. The outage sparked panic-buying at gas stations throughout southern U.S. states and renewed concerns over protections for critical infrastructure, including the fuel supply.
The White House on Wednesday convened an interagency task force meeting to address the government’s response to the threat of ransomware.
The senior official emphasized that the administration’s response to ransomware will be a long-haul effort consisting of strengthening domestic cybersecurity defenses, working with international partners and assessing concerns about the use of cryptocurrency by cybercriminals.
“This is a broad campaign that won’t immediately have an on/off effect like a light switch,” the official said.