The massive cyberattack on U.S. software company Kaseya, potentially impacting up to 1,500 businesses, is ramping up tensions between Washington and Moscow less than a month after President Biden pressed Russian President Vladimir Putin to curb such attacks.
The crippling ransomware attack from late last week is the latest in a string of incidents linked to Russia-based cyber criminals who are viewed by many as having a green light from Putin to destabilize U.S. companies.
Biden is now under pressure to respond.
“Putin could have put out the word, ‘Back off, don’t do anything until we sort this out with the Americans.’ Clearly, he didn’t do that. ... I think he’s doubled down on confrontation,” said James Lewis, a senior vice president at the Center for Strategic and International Studies.
“They are waiting to see if we’ll do anything. It’s actions, not words, that count with the Russians,” he added.
Tensions with Russia over cybersecurity have steadily increased since December, when the U.S. discovered a hack of Texas-based IT group SolarWinds that had allowed Russian government-linked hackers to breach nine federal agencies and 100 private sector groups.
Biden levied sanctions on Russia in April in retaliation for the SolarWinds hack, and warned that he would take further actions if Russian cyber aggression persisted.
In the months since, a string of ransomware attacks linked to Russian-speaking cyber criminal organizations has only made relations between the two nations worse. These included attacks on Colonial Pipeline, which provides 45 percent of the East Coast’s fuel supply, and on JBS USA, the nation’s largest beef supplier.
The Kaseya attack, launched just before the July 4 holiday weekend, largely affected small businesses that have little to no IT capabilities to respond.
There may have been yet another Russia-based cyberattack since then.
On Tuesday, Bloomberg News reported that the same Russian government hackers linked to the SolarWinds hack and the 2016 attack on the Democratic National Committee breached the Republican National Committee (RNC) last week. The RNC said no data was stolen.
“I feel like every week somebody asks me, ‘How bad is the problem?’ My answer is, ‘It’s the worst it’s ever been.’ But I prove myself wrong in a week, or in two weeks, because then it’s the worst it’s ever been,” Charles Carmakal, senior vice president at FireEye’s Mandiant Threat Intelligence, told The Hill on Tuesday.
“Again I’ll say, ‘Look, this is the worst it’s ever been.’ The size, the scope of this most recent situation is frustrating,” he said. “It’s frustrating to victims; it’s frustrating to technology companies; it’s frustrating to security companies; it’s frustrating to the government.”
Amid the escalating attacks, Biden has made cybersecurity a priority: The Justice Department established a ransomware task force earlier this month, and Biden signed an executive order in May aimed at strengthening the federal government’s cybersecurity.
Biden on Tuesday declined to formally blame Russia for the Kaseya attack, but noted he would have “more to say in the next several days.”
“We are getting more details and information, that is what I can tell you now, and I feel good about our ability to deal and respond,” Biden told reporters.
White House press secretary Jen Psaki said during Tuesday’s briefing that talks are ongoing between the U.S. and Russia on cybersecurity concerns.
“Since the meeting between President Biden and President Putin, we have undertaken expert-level talks that are continuing and we expect to have another meeting next week focused on ransomware attacks,” Psaki said.
“I will just reiterate the message that these officials are sending, as the president made clear to President Putin when they met: If the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own,” she said.
It’s unclear what kind of actions are on the table, but some experts argue that sanctions are not nearly enough.
“Sanctions are worthless, the Russians just shrug off sanctions. There are so many on them they don’t even notice them anymore,” Lewis said.
During last month’s summit, Biden gave Putin a list of 16 critical infrastructure entities, such as water and energy groups, that Russia could not attack without consequences. While the Kaseya attack was damaging, there was no evidence as of Tuesday that any critical groups had been successfully targeted.
“The Russians game everything, and so they gamed this one because the president said, ‘Here are 16 critical infrastructures you can’t attack,’ and they can argue that ‘hey, we didn’t attack any critical infrastructure,’ ” Lewis said. “If we don’t do something a little firmer than saying, ‘Oh well, just another attack,’ we can expect more of these.”
The attackers behind the Kaseya breach are reportedly demanding $50 million to provide a “universal decrypter” to every organization affected by the attack, though the individual companies can pay far less for a key to their specific networks.
While Carmakal of FireEye said that none of his customers had decided to pay, many small companies likely would, a course of action the federal government does not recommend.
But as the ransomware attacks grow, the Biden administration is certain to come under more and more pressure to take tougher actions against Russia.