CENTRAL LAKE (Michigan) • President Joe Biden says he has directed United States intelligence agencies to investigate who was behind a sophisticated ransomware attack that hit hundreds of American businesses and led to suspicions of Russian gang involvement.
Security firm Huntress Labs said last Friday it believed the Russia-linked REvil ransomware gang was to blame for the latest ransomware outbreak. Last month, the FBI blamed the same group for paralysing meat packer JBS.
Mr Biden, on a visit to Michigan to promote his vaccination programme, was asked about the hack while shopping for pies at a cherry orchard market. Mr Biden said "we're not certain" who is behind the attack. "The initial thinking was it was not the Russian government, but we're not sure yet," he said.
Mr Biden said he had directed US intelligence agencies to investigate, and the US will respond if they determine Russia is to blame.
During a summit in Geneva on June 16, Mr Biden urged Russian President Vladimir Putin to crack down on hackers operating from Russia, and warned of consequences if such ransomware attacks continued to proliferate.
Mr Biden was set to receive a briefing about the latest attack yesterday. "If it is either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond," Mr Biden said, referring to what he told Mr Putin in Geneva.
The hackers who struck last Friday hijacked widely used technology management software from a Miami-based supplier called Kaseya.
They changed a Kaseya tool called VSA, used by companies that manage technology at smaller businesses. They then encrypted the files of those providers' customers simultaneously.
Kaseya said on its own website last Friday that it was investigating a "potential attack" on VSA, which is used by IT professionals to manage servers, desktops, network devices and printers.
In a statement last Friday, the US Cybersecurity and Infrastructure Security Agency said it was "taking action to understand and address the recent supply chain ransomware attack" against Kaseya's VSA product.
Supply chain attacks have crept to the top of the cyber security agenda after the US accused hackers of operating at the Russian government's direction and tampering with a network monitoring tool built by Texas software firm SolarWinds.
Last Thursday, US and British authorities said Russian spies accused of interfering in the 2016 US presidential election have spent much of the past two years abusing virtual private networks to target hundreds of organisations worldwide.