Biden says the US WILL retaliate if Russia was behind the mass cyberattack that hit 200 firms

‘Weak against Putin’: Biden is slammed for slow response to Friday’s global cyberattack that has affected at least 1,000 US firms after saying he will decide on July 4 if Russia and Putin are to blame

  • The president told reporters Saturday that it is not yet clear who is behind the latest cybersecurity breach to strike American businesses 
  • He warned the US ‘will respond’ if it is tied to Russian President Vladimir Putin  
  • Biden said he will know more Sunday when he is briefed by US intelligence 
  • A mass cyberattack hit at least 1,000 US firms in the run-up to July 4 weekend 
  • Security firm Huntress said Russia-linked REvil cyber gang was to blame 
  • It’s the latest in a string of attacks on US companies from cyber criminal groups thought to be based in Russia
  • Colonial Pipeline was forced to shutter following a breach in May cutting of fuel along one of the nation’s biggest pipelines and sparking a fuel crisis
  • The US’s biggest beef supplier JBS was hacked weeks later – also by REvil
  • Biden warned Putin at the Geneva Summit last month there would be consequences if ransomware attacks continued to hit the US

President Joe Biden has been slammed as ‘weak’ for his allegedly slow response to a global cyberattack that has affected at least 1,000 companies in the United States.

House Minority Leader Kevin McCarthy tweeted on Saturday, referencing news from June that Biden had given Russian president Vladimir Putin a list of targets that were off-limits to cyber attacks.

‘Remember when President Biden gave Putin a list of things that were supposed to be off-limits for cyber attacks? What he SHOULD have said is that ALL American targets are off-limits,’ McCarthy tweeted.

He added: ‘Biden is soft on crime and weak against Putin.’ 

Biden has warned that the US will retaliate if it finds out Russia was behind the mass cyberattack that hit at least 1,000 American firms in the run-up to July 4 weekend. 

Joe Biden warned that the US will retaliate if it finds out Russia was behind the mass cyberattack that hit at least 1,000 firms in the run-up to July 4 weekend. Biden speaking at a cherry farm store in Central Lake, Michigan Saturday

Joe Biden warned that the US will retaliate if it finds out Russia was behind the mass cyberattack that hit at least 1,000 firms in the run-up to July 4 weekend. Biden speaking at a cherry farm store in Central Lake, Michigan Saturday

Joe Biden warned that the US will retaliate if it finds out Russia was behind the mass cyberattack that hit at least 1,000 firms in the run-up to July 4 weekend. Biden speaking at a cherry farm store in Central Lake, Michigan Saturday

The warning comes after the two leaders met at the Geneva Summit last month (pictured), where Biden warned Putin there would be consequences if ransomware attacks continued to hit the US from Russia

The warning comes after the two leaders met at the Geneva Summit last month (pictured), where Biden warned Putin there would be consequences if ransomware attacks continued to hit the US from Russia

The warning comes after the two leaders met at the Geneva Summit last month (pictured), where Biden warned Putin there would be consequences if ransomware attacks continued to hit the US from Russia

The president told reporters Saturday that it is not yet clear who is behind the latest cybersecurity breach to strike American businesses but insisted that he ‘will respond’ if it is tied to Russian President Vladimir Putin.

‘We’re not sure who it is,’ he said, while he celebrated the start of July 4 weekend at a cherry farm in Central Lake, Michigan.

‘The initial thinking was it was not the Russian government but we’re not sure yet.’

He added: ‘If it is either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond.’  

The warning comes after the two leaders met at the Geneva Summit last month, where Biden warned Putin there would be consequences if ransomware attacks continued to hit the US from Russia.

House Minority Leader Kevin McCarthy tweeted on Saturday, referencing news from June that Biden had given Russian president Vladimir Putin a list of targets that were off-limits to cyber attacks

House Minority Leader Kevin McCarthy tweeted on Saturday, referencing news from June that Biden had given Russian president Vladimir Putin a list of targets that were off-limits to cyber attacks

House Minority Leader Kevin McCarthy tweeted on Saturday, referencing news from June that Biden had given Russian president Vladimir Putin a list of targets that were off-limits to cyber attacks

'Remember when President Biden gave Putin a list of things that were supposed to be off-limits for cyber attacks? What he SHOULD have said is that ALL American targets are off-limits,' McCarthy tweeted

'Remember when President Biden gave Putin a list of things that were supposed to be off-limits for cyber attacks? What he SHOULD have said is that ALL American targets are off-limits,' McCarthy tweeted

 ‘Remember when President Biden gave Putin a list of things that were supposed to be off-limits for cyber attacks? What he SHOULD have said is that ALL American targets are off-limits,’ McCarthy tweeted

Cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank said he believes the latest attack is financially motivated and not Kremlin-directed.

However, he said it shows that Putin ‘has not yet moved’ on shutting down cybercriminals within Russia after Biden pressed him to do so at their June summit in Switzerland. 

In recent months, the nation’s critical infrastructure has fallen victim to attacks from cyber criminal groups thought to be based in Russia, with one of the US’s biggest fuel carriers and one of its biggest meat suppliers each shuttered for days following breaches.  

Biden said Saturday he had not spoken with Putin since the latest breach or since their meeting in Geneva. 

The president told reporters Saturday that it is not yet clear who is behind the latest cybersecurity breach to strike American businesses

The president told reporters Saturday that it is not yet clear who is behind the latest cybersecurity breach to strike American businesses

The president told reporters Saturday that it is not yet clear who is behind the latest cybersecurity breach to strike American businesses

However, he said he should know more about the latest attack Sunday when he is briefed by US intelligence officials. 

‘I directed the full resources of the government to assist in the response if needed,’ he said. 

‘I directed the intelligence community to give me a deep dive on what’s happened. I’ll know better tomorrow.’

The US Cybersecurity and Infrastructure Security Agency (CISA) said Friday it was ‘taking action to understand and address the recent supply-chain ransomware attack.’ 

Around 200 US businesses were impacted by a ‘colossal’ cyber attack Friday, paralyzing their computer networks.

Worldwide, more than a thousand firms across at least 17 countries are thought to have also been affected. 

The hackers first targeted Florida-based IT company Kaseya before spreading to other firms that use the company’s software.  

The breach was discovered Friday afternoon as many businesses had already closed or waved goodbye to employees for the long Independence Day weekend.  

Kaseya said it notified the FBI and had so far found less than 40 customers impacted by the breach. 

Security firm Huntress said Friday it believed the Russia-linked REvil ransomware cyber gang was to blame. 

Last month, the FBI blamed the same group for paralyzing US meat packer JBS.  

Biden tours a cherry orchard with Michigan Senators Debbie Stabenow (right), and Senator Gary Peters (left) at King Orchards, a fruit farm in Central Lake, Michigan Saturday

Biden tours a cherry orchard with Michigan Senators Debbie Stabenow (right), and Senator Gary Peters (left) at King Orchards, a fruit farm in Central Lake, Michigan Saturday

Biden tours a cherry orchard with Michigan Senators Debbie Stabenow (right), and Senator Gary Peters (left) at King Orchards, a fruit farm in Central Lake, Michigan Saturday

Biden told reporters Saturday that it is not yet clear who is behind the latest cybersecurity breach but insisted that he 'will respond' if it is tied to Russian President Vladimir Putin

Biden told reporters Saturday that it is not yet clear who is behind the latest cybersecurity breach but insisted that he 'will respond' if it is tied to Russian President Vladimir Putin

Biden told reporters Saturday that it is not yet clear who is behind the latest cybersecurity breach but insisted that he ‘will respond’ if it is tied to Russian President Vladimir Putin

The president posed for a photo Saturday in the cherry orchard. Biden said he should know more about the latest attack Sunday when he is briefed by US intelligence officials

The president posed for a photo Saturday in the cherry orchard. Biden said he should know more about the latest attack Sunday when he is briefed by US intelligence officials

The president posed for a photo Saturday in the cherry orchard. Biden said he should know more about the latest attack Sunday when he is briefed by US intelligence officials

The hackers that struck Friday hijacked widely used technology management software from Kaseya then changed a Kaseya tool called VSA. 

VSA is used by IT professionals to manage technology including servers, desktops, network devices and printers at smaller businesses. 

The cybercriminals then encrypted the files of those providers’ customers simultaneously. 

Huntress said 20 managed service providers had been used to infect more than 1,000 businesses.

Huntress senior security researcher John Hammond warned that the number of those affected is likely to increase, as he described the incident as ‘a colossal and devastating supply chain attack.’ 

This type of hacking is especially damaging as by going after MSPs the hackers can reach many more victims – by breaching the systems of their customers as well.   

The full extent of the breach and how many companies have been affected is not yet clear.  

Among those affected is Synnex – an MSP used by the Republican National Committee (RNC), reported Bloomberg.

A spokesman said Microsoft had alerted the RNC that Synnex ‘may have been exposed’ but said there was ‘no indication’ the RNC was also victim to an attack or that any sensitive information had been stolen from the committee.   

Security firm Huntress said Friday it believed the Russia-linked REvil ransomware gang was to blame for the latest attack. Last month, the FBI blamed the same group for paralyzing US meat packer JBS (the JBS meat plant is viewed in Plainwell, Michigan)

Security firm Huntress said Friday it believed the Russia-linked REvil ransomware gang was to blame for the latest attack. Last month, the FBI blamed the same group for paralyzing US meat packer JBS (the JBS meat plant is viewed in Plainwell, Michigan)

Security firm Huntress said Friday it believed the Russia-linked REvil ransomware gang was to blame for the latest attack. Last month, the FBI blamed the same group for paralyzing US meat packer JBS (the JBS meat plant is viewed in Plainwell, Michigan)

The JBS hack came just weeks after an attack on Colonial Pipeline (Colonial Pipeline's Dorsey Junction Station in Woodbine, Maryland pictured)

The JBS hack came just weeks after an attack on Colonial Pipeline (Colonial Pipeline's Dorsey Junction Station in Woodbine, Maryland pictured)

The JBS hack came just weeks after an attack on Colonial Pipeline (Colonial Pipeline’s Dorsey Junction Station in Woodbine, Maryland pictured) 

Cyber attack on US IT provider forces Swedish grocery store chain to close ALL 800 stores 

The Swedish Coop grocery store chain closed all its 800 stores on Saturday after the ransomware attack on Kaseya left it unable to operate its cash registers.

According to Coop, one of Sweden’s biggest grocery chains, a tool used to remotely update its checkout tills was affected by the attack, meaning payments could not be taken.

‘We have been troubleshooting and restoring all night, but have communicated that we will need to keep the stores closed today,’ Coop spokesperson Therese Knapp told Swedish Television.

The Swedish news agency TT said Kaseya technology was used by the Swedish company Visma Esscom, which manages servers and devices for a number of Swedish businesses.

State railways services and a pharmacy chain were also impacted by the attack.

‘They have been hit in various degrees,’ Visma Esscom chief executive Fabian Mogren told TT.

Defence Minister Peter Hultqvist told Swedish Television the attack was ‘very dangerous’ and showed business and state agencies need to better prepare. ‘In a different geopolitical situation, it may be government actors who attack us in this way in order to shut down society and create chaos,’ he said.

Advertisement

Some cybersecurity researchers believe the ransomware attack could be one of the broadest on record.

Cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank said ‘the number of victims here is already over a thousand and will likely reach into the tens of thousands.’ 

He added: ‘No other ransomware campaign comes even close in terms of impact.’

Cybersecurity firm ESET said there are victims in least 17 countries, including the UK, South Africa, Canada, Argentina, Mexico and Spain.

In Sweden, most of the grocery chain Coop’s 800 stores were unable to open because their cash registers weren’t working, while the Swedish State Railways and a major local pharmacy chain were also affected. 

It is unclear how many organizations have since received ransom demands from the hackers in exchange for getting their systems back up and running again. 

The FBI has urged companies not to pay ransoms but, in two of the biggest recent cyber attacks, it transpired that the victims bowed to the demands of the cyber criminals.   

JBS, the nation’s largest meat supplier, paid an $11million ransom in Bitcoin to the hackers who shut down its US plants.

It had learned of an attack on May 30 after finding ‘irregularities’ on its servers and a ransom note.

This forced the supplier to shut down its computer servers, suspending meat production systems at its US plants for four days. 

The FBI said in June REvil – the Russian cybercriminal group also known as Sodinokibi which is known to be one of the most prolific cyber gangs in the world – was behind the breach. 

This came just weeks after Colonial Pipeline fell victim to an attack that forced the carrier of 45 percent of fuel to the East Coast to shut down its entire network and sparked a fuel crisis nationwide. 

Huntress Labs tweeted about the breach Friday. Its senior security researcher John Hammond described the attack as 'a colossal and devastating supply chain attack'

Huntress Labs tweeted about the breach Friday. Its senior security researcher John Hammond described the attack as 'a colossal and devastating supply chain attack'

Huntress Labs tweeted about the breach Friday. Its senior security researcher John Hammond described the attack as ‘a colossal and devastating supply chain attack’

The attack forced the pipeline offline on May 7, halting 2.5 million barrels per day of fuel shipments along the line running from Texas to New Jersey.

It sparked concerns of a national fuel crisis with thousands of gas stations running out of fuel and motorists racing to fill up their cars, pushing the national average price of gas past $3 for the first time since 2014.  

Colonial Pipeline shelled out almost $5million to DarkSide to get its pipeline back online as soon as possible.  

DarkSide is a criminal cybergroup also believed to be based in Russia or Eastern Europe with ties to Russia. 

Officials said the hack was the most disruptive cyberattack on energy infrastructure in American history. 

Back in December, several government agencies and top businesses were breached by a suspected Russian-state-sponsored group Nobelium via the SolarWind software. 

Biden met with Putin two weeks after the JBS attack at a summit in Geneva, Switzerland, on June 16. 

At the meeting he urged the Russian president to crack down on cyber hackers emanating from Russia.   

Biden and Putin met at the Geneva Summit last month, where Biden warned Putin there would be consequences if ransomware attacks continued to hit the US from Russia

Biden and Putin met at the Geneva Summit last month, where Biden warned Putin there would be consequences if ransomware attacks continued to hit the US from Russia

Biden and Putin met at the Geneva Summit last month, where Biden warned Putin there would be consequences if ransomware attacks continued to hit the US from Russia

Biden told Putin that 16 types of critical infrastructure – including food and agriculture, emergency services and health care – should be ‘off-limits’ to cyberattacks and warned of consequences if such attacks continued.

In the meeting, Putin denied that Russia was behind recent attacks.   

However, tensions have continued to mount since then with the US and British authorities on Thursday saying Russian spies accused of interfering in the 2016 US presidential election spent the past two years abusing virtual private networks (VPNs) to target hundreds of organizations worldwide.

Russia’s embassy in Washington denied the allegations Friday. 

The Biden administration is making cybersecurity an increased priority in the wake of the recent attacks.

Earlier this month, it was revealed that the US Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals.  

The FBI has also put cybersecurity high on its agenda with its fiscal year 2022 budget proposal including an additional $40million for cybersecurity investigations.  

It also includes another $15million to help the FBI improve its own cybersecurity.   

Advertisement

Loading

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow by Email
Pinterest
LinkedIn
Share