- US President Joe Biden has asked the country’s intelligence agencies to investigate the perpetrator of a sophisticated ransomware attack.
- The attack affected hundreds of US businesses and raised suspicions about the Russian-linked REvil ransomware gang.
- Recently, the FBI accused the same Russian gang of crippling meat packer JBS SA, according to official reports.
President Joe Biden said on Saturday he had asked US intelligence agencies to investigate the perpetrators of a sophisticated ransomware attack that affected hundreds of US businesses and led to suspicions of Russian gang involvement. .
Security firm Huntress Labs said on Friday it believed the Russian-linked REvil ransomware gang was to blame for the latest ransomware outbreak. Last month, the FBI accused the same group of crippling meat packer JBS SA.
Biden, visiting Michigan to promote its vaccination program, was asked about the hack while shopping for pies at a cherry tree market.
Biden said “we don’t know” who is behind the attack. “The initial thought was that it was not the Russian government but we are not sure yet,” he said.
Biden said he asked U.S. intelligence agencies to investigate, and the United States will respond if it determines Russia is to blame.
At a summit in Geneva on June 16, Biden urged Russian President Vladimir Putin to crack down on hackers emanating from Russia and warned of the consequences if such ransomware attacks continued to escalate.
NOTICE | Biden and Putin try to end cyber warfare by John Matisonn
Biden said he would receive a briefing on the latest attack on Sunday.
“If it’s knowingly and / or as a consequence of Russia, I have told Putin that we will respond,” Biden said, referring to what he said to Putin in Geneva.
The hackers who struck Friday hijacked widely used technology management software from a Miami-based vendor called Kaseya.
They modified a Kaseya tool called VSA, which is used by companies that manage technology in small businesses. They then simultaneously encrypted the files of the customers of these suppliers.
Huntress said he was tracking eight managed service providers who had been used to infect some 200 customers.
Kaseya said on her own website Friday that it was investigating a “potential attack” on VSA, which is used by IT professionals to manage servers, desktops, network devices and printers.
WATCH | Biden celebrates new citizens as US launches naturalization effort
“This is a colossal and devastating supply chain attack,” John Hammond, senior security researcher at Huntress, said in an email, referring to an increasingly publicized hacking technique consisting of hijack software to compromise hundreds or thousands of users at a time.
In a statement released Friday, the US Agency for Cybersecurity and Infrastructure Security said it was “taking action to understand and resolve the recent supply chain ransomware attack” against Kaseya’s VSA product.
Supply chain attacks have crept to the top of the cybersecurity agenda after the United States accused hackers of operating under the leadership of the Russian government and tampering with a designed network monitoring tool by Texas software company SolarWinds.
US and UK officials on Thursday said Russian spies accused of meddling in the 2016 US presidential election had spent much of the past two years abusing virtual private networks (VPNs) to target hundreds of organizations in the world.
The Russian embassy in Washington denied the accusation on Friday.
Subscribe to News24