Official Suggests Consequences Coming to Russia for Ransomware

In this June 16, 2021, photo President Joe Biden meets with Russian President Vladimir Putin in Geneva, Switzerland.

In this June 16, 2021, photo President Joe Biden meets with Russian President Vladimir Putin in Geneva, Switzerland. atrick Semansky/AP

A senior administration official said the U.S. has made specific requests through official channels regarding cyber criminals.

The Biden administration may soon execute overt and covert actions to retaliate against ransomware activities stemming from Russia, according to a senior administration official. 

“We're not going to telegraph what those actions will be precisely,” the official said on a call with reporters Friday. “Some of them will be manifest and visible, some of them may not be, but we expect those to take place in the days and weeks ahead.”

The background press call followed a readout of a call between President Joe Biden and Russian President Vladimir Putin in which the administration said Biden stressed the need for Russia to take action to disrupt ransomware groups operating within its borders.

After the phone call between the presidents, Biden told reporters he’s optimistic about continued collaboration with Russia on the issue.

“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” Biden said, according to a White House press pool report. “And secondly, we’ve set up a means of communication now on a regular basis to be able to communicate with one another when each of us thinks something is happening in another country that affects the home country. And so it went well. I’m optimistic.”

But he also said “yes” when asked whether there would be consequences, as he promised during a summit with Putin in Geneva three weeks ago. At that time, a Russian-speaking group called REvil had claimed responsibility for a ransomware attack on the meat processing company JBS. The same group is now asking for tens of millions to unscramble systems they’re holding hostage from hundreds of smaller U.S. businesses after infiltrating IT management software producer Kaseya.  

During the press call, a reporter noted a readout from the Kremlin that asserted it had not received any requests, including for the arrest of specific cyber criminals. The senior administration official disputed this. 

“What I can say is that we have relayed multiple specific requests for action on cyber criminals to Russia through official channels, and been clear about what Russia's responsibility is with regard to taking action, including again today at the level of the two presidents,” the official said.