CENTRAL LAKE – President Joe Biden said Saturday that he ordered US intelligence agencies to investigate who was behind a sophisticated ransomware attack that affected hundreds of US companies and raised suspicions of involvement in Russian gangs.
Security firm Huntress Labs said on Friday that it believed the Russian-linked REvil ransomware gang was to blame for the latest ransomware outbreak. Last month, the FBI blamed the same group for paralyzing meat packing company JBS SA.
Biden, on a visit to Michigan to promote his vaccination program, was asked about the stunt while shopping for cakes at a cherry orchard market.
Biden said “we are not sure” who is behind the attack. “The initial idea was that it was not the Russian government, but we are not sure yet,” he said.
Biden said he had ordered US intelligence agencies to investigate, and the United States will respond if they determine Russia is at fault.
During a summit in Geneva on June 16, Biden urged Russian President Vladimir Putin to crack down on cyber hackers emanating from Russia and warned of the consequences if such ransomware attacks continue to proliferate.
Biden said he would receive information about the latest attack on Sunday.
“If it is with the knowledge and / or a consequence of Russia, then I told Putin that we will respond,” Biden said, referring to what he told Putin in Geneva.
The hackers who attacked on Friday hijacked widely used technology management software from a Miami-based vendor called Kaseya. They changed a Kaseya tool called VSA, used by companies managing technology in smaller companies. They then encrypted the files of those providers’ clients simultaneously.
Huntress said it was tracking eight managed service providers that had been used to infect about 200 clients.
Kaseya said on her own website Friday that she was investigating a “potential attack” on the VSA, which is used by IT professionals to manage servers, desktops, network devices and printers.
“This is a colossal and devastating attack on the supply chain,” Huntress senior security researcher John Hammond said in an email, referring to an increasingly notorious hackers’ technique of hijacking a piece of software to engaging hundreds or thousands of users at a time.
In a statement on Friday, the US Cybersecurity and Infrastructure Security Agency said it was “taking steps to understand and address the recent supply chain ransomware attack” against Kaseya’s VSA product.
Attacks on the supply chain have risen to the top of the cybersecurity agenda after the United States accused hackers of operating under the direction of the Russian government and of tampering with a network monitoring tool built by the firm of Texas SolarWinds software.
On Thursday, US and British authorities said Russian spies accused of interfering in the 2016 US presidential election have spent much of the past two years abusing virtual private networks (VPNs) to target hundreds of organizations in all the world.
On Friday, the Russian embassy in Washington denied that charge. (Reporting by Trevor Hunnicutt; additional reporting by Raphael Satter and Joseph Menn; writing by Steve Holland; editing by Daniel Wallis, David Gregorio, and Diane Craft)