U.S., Russian Officials to Meet Following Kaseya Ransomware Attack

Senior members of the Biden administration’s national security team plan to meet with senior members of the Kremlin following a supply-chain attack that delivered ransomware to as many as 1,500 entities via network management software firm Kaseya, according to White House Press Secretary Jen Psaki.

Psaki said the officials have been meeting since the June 16 summit in Geneva between Presidents Joe Biden and Vladimir Putin where Biden shared a list of critical infrastructure the U.S. considers off-limits to nation-state actors. The meeting came after high-profile attacks on network management company SolarWinds, the Colonial Pipeline company and meat processing company JBS.

“Since the meeting between President Biden and President Putin we have undertaken expert-level talks that are continuing, and we expect to have another meeting next week focused on ransomware attacks,” Psaki said.

Pskai said the intelligence community has not attributed the attack on Kaseya, but a criminal gang called REvil—the same group claiming responsibility for the JBS hack—demanded $70 million to unlock businesses snagged in the attack. She said the administration is continuing to stress that Russia still has responsibility for addressing the issue as cybersecurity professionals believe REvil operates out of Russia.

“I will just reiterate a message that these officials are sending,” she said, “As the president made clear to President Putin when they met, if the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own.”

In a Tuesday press release, Kaseya asserted that critical infrastructure was never in danger from the attack on its customers, which are mainly managed service providers, and credited what it said was a quick response in coordination with government agencies for avoiding a much greater compromise.

“While impacting approximately 50 of Kaseya’s customers, this attack was never a threat nor had any impact to critical infrastructure,” the company said. “Many of Kaseya’s customers are managed service providers, using Kaseya’s technology to manage IT infrastructure for local and small businesses with less than 30 employees, such as dentists’ offices, small accounting offices and local restaurants. Of the approximately 800,000 to 1,000,000 local and small businesses that are managed by Kaseya’s customers, only about 800 to 1,500 have been compromised.”

Asked about the implications of the company’s assessment for engagements with Russian officials, Psaki said the U.S. reserves the right to respond whether or not critical infrastructure was involved. 

“Regardless of whether a cyberattack impacts critical infrastructure, we take it seriously and we reserve the option of responding in a manner and mechanism of our choosing,” she said.

Psaki also noted plans for Biden to meet Wednesday with U.S. officials to review options for addressing ransomware within the private sector.

“Tomorrow the president will convene key leaders across the interagency including the State Department, Department of Justice, [Department of Homeland Security] and members of the intelligence community to discuss ransomware, and our overall strategic efforts to counter it,” she said. “What he had asked the team to do several weeks ago was to review and assess what our options are and how we can better, again, put in place partnerships with the private sector, best practices, what levers we have from the federal government.”