With the effects from last week’s REvil ransomware attack on users of Kaseya’s VSA platform still shaking out, President Joe Biden told Russina President Vladimir Putin in a phone call Friday that Putin’s government has a responsibility to disrupt REvil and other ransomware groups that operate from that country.
REvil is one of many ransomware gangs that it is known to operate from Russia, and while authorities in the United States and other countries have called out these groups publicly, the Russian government has shown no appetite for going after them in any way. The attack on Kaseya’s VSA platform has had devastating effects for many of the company’s customers who were hit with REvil ransomware after dozens of MSPs who use VSA were compromised.
“President Biden also spoke with President Putin about the ongoing ransomware attacks by criminals based in Russia that have impacted the United States and other countries around the world. President Biden underscored the need for Russia to take action to disrupt ransomware groups operating in Russia and emphasized that he is committed to continued engagement on the broader threat posed by ransomware,” a readout of the call from the White House says.
In the call with Putin, Biden also said that the U.S. may take action of its own, though he did not specify what that could entail.
“President Biden reiterated that the United States will take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge,” the White House readout says.
“President Biden reiterated that the United States will take any necessary action to defend its people and its critical infrastructure."
Some security and cyber policy experts have been advocating for Biden to pressure Putin on the ransomware issue, and specifically the need for the Russian government to stop ransomware groups from launching attacks.
“Biden, however, can push Putin to act by sending a clear message, proffered privately and directly: Moscow must immediately identify the responsible individuals operating in its territory or subject to its control, produce the encryption keys necessary to unlock the victims’ data, and put a halt to future ransomware attacks from within its borders,” Dmitri Alperovitch and Matthew Rojansky wrote in an op-ed piece in Washington Post this week.
“If not, Washington could hit Russia where it hurts by sanctioning its largest gas and oil companies, which are responsible for a significant portion of the Russian government’s revenue.”
Another potential option is for U.S. teams, either from the military or intelligence community, to run offensive operations against ransomware actors to disrupt their infrastructure and operations.