Biden again urges Putin to disrupt ransomware gangs operating inside Russia

The Kremlin says it has not received any official requests from U.S. law enforcement.
Russian President Vladimir Putin holds a meeting via video conference at the Kremlin in Moscow on June 28, 2021. (Photo by Alexey NIKOLSKY / Sputnik / AFP) (Photo by ALEXEY NIKOLSKY/Sputnik/AFP via Getty Images)

President Joe Biden pushed Russian President Vladimir Putin to disrupt ransomware groups operating within Russian borders in a phone call Friday, according to a White House statement.

“I made it very clear to him that the United States expects [that] when a ransomware operation is coming from his soil even though it’s not sponsored by the state, we expect [Russia] to act if we give them enough information to act on who that is,” Biden told reporters after the call.

The call came on the heels of the latest major cyberattack against a U.S. company. REvil, a ransomware group believed to be in Russia, hit Florida-based IT software company Kaseya last week. Researchers have suggested that the hack affected between 1,500 to 2000 companies.

The Kremlin says it has not received any official requests from U.S. law enforcement to take action regarding recent cyberattack. A senior White House official responded by saying it has relayed multiple, specific requests for action.


Biden’s call with Putin was meant to assess which actions the Russian government is willing to take against hackers in order for the U.S. to craft a response, the official told reporters. The official declined to comment on any steps the administration has directed or plans to direct U.S. intelligence agencies to take.

The White House has emphasized to Russia in recent days that Biden reserves the right to “take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge,” the official said.

REvil claimed responsibility for the attack in a post on its blog on July 2. U.S. officials have not officially attributed the attack to the group, however.

Attackers initially demanded $70 million in ransom, though it remains unclear if any victims have agreed to such a request. Known victims of the attack on Kaseya include multiple local governments, Swedish grocery chain COOP, international textile company Miroglio Group and several New Zealand schools.

The ransomware group was already in the crosshairs of U.S. intelligence agencies following another breach targeting the international meat supplier JBS in May. Some experts speculated that the Kaseya attack, which hit days prior to the July 4th holiday, could be interpreted as a response to increased scrutiny from the U.S. government.


The group accounts for 42% of known ransomware victims, according to the threat intelligence firm Recorded Future. The group offers its ransomware code as a service to affiliate groups, further expanding its reach in the cybercriminal world.

Ransomware has become an urgent national security issue for the Biden administration.

Before the attacks on Kaseya and JBS, the ransomware group Darkside forced fuel provider Colonial Pipeline to go offline for several days in May. The outage sparked panic-buying at gas stations throughout southern U.S. states and renewed concerns over protections for critical infrastructure, including the fuel supply.

The White House on Wednesday convened an interagency task force meeting to address the government’s response to the threat of ransomware.

The senior official emphasized that the administration’s response to ransomware will be a long-haul effort consisting of strengthening domestic cybersecurity defenses, working with international partners and assessing concerns about the use of cryptocurrency by cybercriminals.


“This is a broad campaign that won’t immediately have an on/off effect like a light switch,” the official said.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts