The massive cyberattack on US software company Kaseya, which could affect up to 1,500 businesses, is heightening tensions between Washington and Moscow less than a month after President Biden pressed Russian President Vladimir Putin to put a stop to such attacks.
The crippling ransomware attack late last week is the latest in a series of incidents linked to Russian-based cyber criminals, who many believe have permission from Putin to destabilize US companies. Tensions with Russia over cybersecurity have risen steadily since December, when the United States discovered a hack of Texas-based IT firm SolarWinds that allowed Russian government-linked hackers to breach nine federal agencies and 100 private sector organizations.
In retaliation for the SolarWinds hack, Biden imposed sanctions on Russia in April, threatening further action if Russian cyber aggression continued.
A series of ransomware attacks linked to Russian-speaking cyber-criminal organizations have only strained relations between the two countries in the months since. These included attacks on the Colonial Pipeline, which supplies 45 percent of the fuel supply to the East Coast, and on JBS USA, the country’s largest beef supplier.
The Kaseya attack, which occurred just before the July 4 holiday weekend, primarily impacted small businesses with limited to no IT capabilities to respond.
Since then, there could have been another cyberattack from Russia.
The same Russian government hackers linked to the SolarWinds hack and the 2016 attack on the Democratic National Committee breached the Republican National Committee last week, according to reports on Tuesday. According to the RNC, no data was stolen. In the midst of the escalating attacks, Biden has prioritized cybersecurity: the Justice Department established a ransomware task force earlier this month, and Biden signed an executive order in May to strengthen the federal government’s cybersecurity.
Biden declined to formally blame Russia for the Kaseya attack on Tuesday, but said he would have “more to say in the coming days.”
“What I can tell you now is that we are getting more details and information, and I am confident in our ability to deal with and respond,” Biden told reporters. During Tuesday’s press briefing, White House press secretary Jen Psaki stated that talks between the US and Russia on cybersecurity issues are ongoing.
“Since President Biden and President Putin’s meeting, we have engaged in expert-level discussions that are ongoing, and we expect to have another meeting next week focused on ransomware attacks,” Psaki said.
“I will simply reiterate the message that these officials are sending, as the president made clear to President Putin during their meeting: If the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own,” she said. It’s unclear what kind of actions are being considered, but some experts argue that sanctions are insufficient.
During the summit last month, Biden presented Putin with a list of 16 critical infrastructure entities, such as water and energy companies, that Russia could not attack without repercussions. While the Kaseya attack was devastating, there was no evidence that any critical groups had been successfully targeted as of Tuesday.
The attackers behind the Kaseya breach have reportedly demanded $50 million in order to provide a “universal decrypter” to every organization affected by the attack, despite the fact that individual companies can pay far less for a key to their specific networks. While Carmakal of FireEye stated that none of his customers had decided to pay, many small businesses are likely to do so, which the federal government does not advise.
However, as the ransomware attacks intensify, the Biden administration will undoubtedly face increasing pressure to take tougher measures against Russia.
“Kaseya is nothing new; the Russians set the precedent, and now they’re waiting to see what we do next,” Lewis explained.
