By Trevor Hunnicutt
CENTRAL LAKE, me. (Reuters) – President Joe Biden said on Saturday he ordered US intelligence agencies to investigate who was behind a sophisticated ransomware attack that affected hundreds of US companies and raised suspicions of involvement in Russian gangs.
Security firm Huntress said on Friday that it believed the Russian-linked REvil ransomware gang was to blame for the latest ransomware outbreak. Last month, the FBI blamed the same group for paralyzing meatpacker JBS.
Biden, on a visit to Michigan to promote his vaccination program, was asked about the stunt while shopping for cakes at a cherry orchard market.
Biden said “we are not sure” who is behind the attack. “The initial idea was that it was not the Russian government, but we are not sure yet,” he said.
Biden said he had ordered US intelligence agencies to investigate, and the United States will respond if they determine Russia is at fault.
During a summit in Geneva on June 16, Biden urged Russian President Vladimir Putin to crack down on cyber hackers emanating from Russia and warned of the consequences if such ransomware attacks continue to proliferate.
The hackers who attacked on Friday hijacked widely used technology management software from a Miami-based vendor called Kaseya. They changed a Kaseya tool called VSA, used by companies managing technology in smaller companies. They then encrypted the files of those providers’ clients simultaneously.
Huntress said it was tracking eight managed service providers that had been used to infect about 200 clients.
Kaseya said on her own website that she was investigating a “potential attack” on the VSA, which is used by IT professionals to manage servers, desktops, network devices, and printers.
“This is a colossal and devastating attack on the supply chain,” Huntress senior security researcher John Hammond said in an email, referring to an increasingly high-profile hacking technique to hijack a piece of software. to engage hundreds or thousands of users at once.
In a statement on Friday, the US Cybersecurity and Infrastructure Security Agency said it was “taking steps to understand and address the recent supply chain ransomware attack” against Kaseya’s VSA product.
Attacks on the supply chain have risen to the top of the cybersecurity agenda after the United States accused hackers of operating under the direction of the Russian government and of tampering with a network monitoring tool built by the firm of Texas SolarWinds software.
On Thursday, US and British authorities said Russian spies accused of interfering in the 2016 US presidential election have spent much of the past two years abusing virtual private networks (VPNs) to target hundreds of organizations in all the world.
On Friday, the Russian embassy in Washington denied that charge.
Fusion Media or anyone involved with Fusion Media will not accept any responsibility for loss or damage as a result of reliance on information, including data, quotes, charts, and buy / sell signals contained on this website. Be fully informed about the risks and costs associated with trading the financial markets, it is one of the riskiest forms of investment possible.