15 July 2021

Biden Urges Putin to Give up Russian Ransomware Gangsters, Threatens Unspecified 'Consequences'

PATRICK TUCKER

U.S. President Joe Biden talked to Russian President Vladimir Putin on Friday in the wake of yet another devastating ransomware attack carried out by cybercriminals working in Russia. Biden promised “consequences” if Russia doesn’t crack down and name cyber groups using Russia as a safe harbor to perpetuate such attacks against Western targets, but he has not outlined what those consequences would be.

“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it's not, not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” Biden said this morning during a press briefing.

When a reporter asked if there would be consequences for the Russian government failing to crack down on Russian criminal groups, Biden answered “yes,” and left the room.

The meeting comes on the heels of a ransomware campaign last weekend by a Russian cybercriminal group called REvil. The attack hit schools in New Zealand and other targets across the globe, forcing some 800 grocery stores in Sweden to temporarily close.

A senior administration official speaking on the phone with reporters Friday afternoon urged patience as the United States continues to pursue a multi-pronged response to Russian activities. The efforts “won’t have immediate on or off effect, like a light switch,” the official said.

Some of the government response looks like the executive order the White House put out in May, mandating tougher cybersecurity standards for government agencies and contractors, and continued efforts to help infrastructure companies in particular more quickly recover from ransomware and other types of attacks, sometimes called resilience.

The White House is also looking at the role that cryptocurrencies play in facilitating ransomware incidents and is urging allied governments to improve their own ability to quickly recover from attacks. The public will learn of additional moves that the White House is taking in the “days and weeks ahead” said the senior administration official.

Some members of the cybersecurity community have urged the White House to pursue targeted sanctions against the Russian government for the role it plays in allowing Russian criminal groups to attack targets.

“Washington could hit Russia where it hurts by sanctioning its largest gas and oil companies, which are responsible for a significant portion of the Russian government’s revenue. Biden can expand sovereign debt sanctions already in place, making it harder for Russia to raise funds from international creditors. And Biden should insist that the response from Russia come within days, not weeks or months. U.S. businesses and consumers cannot afford to wait,” Dmitri Alperovitch, one of the founders of cybersecurity company CrowdStrike (who has since departed the company) and current head of the Silverado policy think tank said in a Washington Post op-ed this week.

The Russian government, Alperovitch said, could easily act against such groups if it chose to. “Although it’s quite plausible that top Russian officials neither directed nor even had prior knowledge of REvil’s latest attack, it’s certainly conceivable that lower-and mid-level officials are aware of the hackers and their activities.”

Russian security services could scoop up the attackers “and force them to unlock the data to stop the damage to businesses worldwide, including in the United States,” Alperovitch said, but Putin may have a number of reasons for not doing so.

Any future policy or sanctions response must include allies and must assuage their concerns about potential energy price effects from multilateral action against the Kremlin, he said.

“Trading partners in Europe and Asia—which import considerable amounts of Russian energy—could face a painful choice between winding down energy contracts impacted by sanctions and losing access to Russia as an export market, or losing access to U.S. markets and currency,” Alopervitch said.

No comments: