By Raphael Satter and Andrea Shalal
WASHINGTON (Reuters) – President Joe Biden said Tuesday that the ransomware attack targeting Florida information technology company Kaseya appears to have inflicted only “minimal damage” on US companies.
“It appears to have caused minimal harm to American companies, but we are still gathering information,” Biden told reporters after a briefing by advisers.
“I feel good about our ability to respond.”
Friday’s ransomware attack encrypted the data of hundreds of small businesses around the world, including many in the United States. REvil, a prolific cybercrime syndicate linked to Russia, took credit for the breach.
The president’s comments follow a statement by Kaseya that the attack never posed a threat to America’s critical infrastructure, which Biden declared off-limits during a summit with Russian President Vladimir Putin last month.
But the attack was another illustration of how cybercriminals believed to be operating from Russia are going crazy in the United States. Biden has tried to pressure Putin into controlling Russian cybercriminals, so far with little visible effect.
The attacks have intensified recently.
Last month, REvil extorted an $ 11 million ransom from meatpacker JBS after entangling its supply chain. In May, an intrusion by another Russian-linked group into the main US fuel carrier Colonial Pipeline led to panic buying, price spikes and gasoline shortages on the East Coast.
The Republican National Committee said Tuesday that it learned over the weekend that third-party vendor Synnex Corp had been breached, but an investigation by Microsoft Corp. (NASDAQ 🙂 determined that no RNC data had been accessed.
White House spokeswoman Jen Psaki said Tuesday that senior US officials would meet with their Russian counterparts next week to discuss the ransomware threat.
“If the Russian government is unable or unwilling to take action against criminal actors residing in Russia, we will take action, or reserve the right to act, on our own,” he said.
The Russian Embassy in Washington and the US National Security Council did not respond to messages seeking more details about the meeting.
On Wednesday, Biden will meet with officials from the Department of Justice, the Department of State, the Department of Homeland Security and the intelligence community to discuss ransomware and the United States’ efforts to counter it, Psaki said.
The attack that hit Kaseya’s customers, many of whom are back office IT stores commonly known as managed service providers, did not have the same kind of impact in the United States as the Colonial Pipeline rescue.
The disruption elsewhere was more severe.
In Sweden, many of the 800 grocery stores run by the Coop chain are still recovering from the attack, which took most of its supermarkets out of service, although a spokesperson told Reuters that “we now have more stores open than closed.” .
In New Zealand, 11 schools and several kindergartens were affected.
Germany’s cybersecurity watchdog, BSI, said Tuesday that it was aware of three IT service providers in Germany that were affected, and a spokesperson estimated that several hundred companies were affected overall.
“In Germany there are no cases as prominent as Sweden,” the spokesperson added.
The hackers who claimed responsibility for the breach have demanded $ 70 million to restore all data from the affected companies, although they have indicated their willingness to moderate their demands in private conversations with a cybersecurity expert and with Reuters.
Kaseya’s CEO told Reuters that he would not reveal whether his company planned to pay the ransom or not, or even if it was negotiating with REvil.
Psaki said that while the administration discouraged such payments, questions about whether the data would be salvaged should be directed to Kaseya.