The president told reporters Saturday that it is not yet clear who is behind the latest cybersecurity breach to strike American businesses but insisted that he ‘will respond’ if it is tied to Russian President Vladimir Putin.
‘We’re not sure who it is,’ he said, while he celebrated the start of July 4 weekend at a cherry farm in Central Lake, Michigan.
‘The initial thinking was it was not the Russian government but we’re not sure yet.’
He added: ‘If it is either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond.’
The warning comes after the two leaders met at the Geneva Summit last month, where Biden warned Putin there would be consequences if ransomware attacks continued to hit the US from Russia.
In recent months, the nation’s critical infrastructure has fallen victim to attacks from cyber criminal groups thought to be based in Russia, with one of the US’s biggest fuel carriers and one of its biggest meat suppliers each shuttered for days following breaches.
Biden said Saturday he had not spoken with Putin since the latest breach or since their meeting in Geneva.
However, he said he should know more about the latest attack Sunday when he is briefed by US intelligence officials.
‘I directed the full resources of the government to assist in the response if needed,’ he said.
‘I directed the intelligence community to give me a deep dive on what’s happened. I’ll know better tomorrow.’
The US Cybersecurity and Infrastructure Security Agency (CISA) said Friday it was ‘taking action to understand and address the recent supply-chain ransomware attack.’
Around 200 US businesses were impacted by a ‘colossal’ cyber attack Friday, paralyzing their computer networks.
Worldwide, more than a thousand firms across at least 17 countries are thought to have also been affected.
The hackers first targeted Florida-based IT company Kaseya before spreading to other firms that use the company’s software.
The breach was discovered Friday afternoon as many businesses had already closed or waved goodbye to employees for the long Independence Day weekend.
Kaseya said it notified the FBI and had so far found fewer than 40 customers impacted by the breach.
Security firm Huntress said Friday it believed the Russia-linked REvil ransomware cyber gang was to blame.
Last month, the FBI blamed the same group for paralyzing US meat packer JBS.
The hackers who struck Friday hijacked widely used technology management software from Kaseya, then changed a Kaseya tool called VSA.
VSA is used by IT professionals to manage technology including servers, desktops, network devices and printers at smaller businesses.
The cybercriminals then encrypted the files of those providers’ customers simultaneously.
Huntress said 20 managed service providers had been used to infect more than 1,000 businesses.
Huntress senior security researcher John Hammond warned that the number of those affected is likely to increase, as he described the incident as ‘a colossal and devastating supply chain attack.’
This type of hacking is especially damaging because, by going after MSPs, the hackers can reach many more victims by breaching the systems of the MSPs' customers as well.
The full extent of the breach and how many companies have been affected is not yet clear.
Among those affected is Synnex – an MSP used by the Republican National Committee (RNC), reported Bloomberg.
A spokesman said Microsoft had alerted the RNC that Synnex ‘may have been exposed’ but said there was ‘no indication’ the RNC was also victim to an attack or that any sensitive information had been stolen from the committee.
Cyber attack on US IT provider forces Swedish grocery store chain to close ALL 800 stores
The Swedish Coop grocery store chain closed all its 800 stores on Saturday after the ransomware attack on Kaseya left it unable to operate its cash registers.
According to Coop, one of Sweden’s biggest grocery chains, a tool used to remotely update its checkout tills was affected by the attack, meaning payments could not be taken.
‘We have been troubleshooting and restoring all night, but have communicated that we will need to keep the stores closed today,’ Coop spokesperson Therese Knapp told Swedish Television.
The Swedish news agency TT said Kaseya technology was used by the Swedish company Visma Esscom, which manages servers and devices for a number of Swedish businesses.
State railways services and a pharmacy chain were also impacted by the attack.
‘They have been hit in various degrees,’ Visma Esscom chief executive Fabian Mogren told TT.
Defence Minister Peter Hultqvist told Swedish Television the attack was ‘very dangerous’ and showed business and state agencies need to better prepare. ‘In a different geopolitical situation, it may be government actors who attack us in this way in order to shut down society and create chaos,’ he said.
Some cybersecurity researchers believe the ransomware attack could be one of the broadest on record.
Cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank said ‘the number of victims here is already over a thousand and will likely reach into the tens of thousands.’
He added: ‘No other ransomware campaign comes even close in terms of impact.’
Cybersecurity firm ESET said there are victims in at least 17 countries, including the UK, South Africa, Canada, Argentina, Mexico and Spain.
In Sweden, most of the grocery chain Coop’s 800 stores were unable to open because their cash registers weren’t working, while the Swedish State Railways and a major local pharmacy chain were also affected.
It is unclear how many organizations have since received ransom demands from the hackers in exchange for getting their systems back up and running again.
The FBI has urged companies not to pay ransoms but, in two of the biggest recent cyber attacks, it transpired that the victims bowed to the demands of the cyber criminals.
JBS, the nation’s largest meat supplier, paid an $11million ransom in Bitcoin to the hackers who shut down its US plants.
It had learned of an attack on May 30 after finding ‘irregularities’ on its servers and a ransom note.
This forced the supplier to shut down its computer servers, suspending meat production systems at its US plants for four days.
The FBI said in June that REvil – the Russian cybercriminal group also known as Sodinokibi, which is known to be one of the most prolific cyber gangs in the world – was behind the breach.
This came just weeks after Colonial Pipeline fell victim to an attack that forced the carrier of 45 percent of fuel to the East Coast to shut down its entire network and sparked a fuel crisis nationwide.
It sparked concerns of a national fuel crisis with thousands of gas stations running out of fuel and motorists racing to fill up their cars, pushing the national average price of gas past $3 for the first time since 2014.
Colonial Pipeline shelled out almost $5million to DarkSide to get its pipeline back online as soon as possible.
DarkSide is a criminal cybergroup also believed to be based in Russia or Eastern Europe with ties to Russia.
Officials said the hack was the most disruptive cyberattack on energy infrastructure in American history.
Back in December, several government agencies and top businesses were breached by the suspected Russian state-sponsored group Nobelium via the SolarWinds software.
Biden met with Putin two weeks after the JBS attack at a summit in Geneva, Switzerland, on June 16.
At the meeting he urged the Russian president to crack down on cyber hackers emanating from Russia.
Biden told Putin that 16 types of critical infrastructure – including food and agriculture, emergency services and health care – should be ‘off-limits’ to cyberattacks and warned of consequences if such attacks continued.
In the meeting, Putin denied that Russia was behind recent attacks.
However, tensions have continued to mount since then with the US and British authorities on Thursday saying Russian spies accused of interfering in the 2016 US presidential election spent the past two years abusing virtual private networks (VPNs) to target hundreds of organizations worldwide.
Russia’s embassy in Washington denied the allegations Friday.
The Biden administration is making cybersecurity an increased priority in the wake of the recent attacks.
Earlier this month, it was revealed that the US Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals.
The FBI has also put cybersecurity high on its agenda with its fiscal year 2022 budget proposal including an additional $40million for cybersecurity investigations.
It also includes another $15million to help the FBI improve its own cybersecurity.