Biden Official Credits Diplomacy With Russia for Arrest of Colonial Pipeline Hacker

A senior administration official put questionable timing aside and commended the Kremlin’s arrest Friday of individuals Russian officials say comprise the notorious REvil ransomware group, which U.S. officials have attributed to attacks on critical infrastructure.    

“We understand that one of the individuals who was arrested today was responsible for the attack against Colonial Pipeline last spring,” the senior administration official said on a call with reporters Friday. “We welcome reports that the Kremlin is taking law enforcement steps to address ransomware emanating from its borders. The President believes in diplomacy.”

The kudos tempered a broader struggle between Russia and U.S. allies over Ukraine’s bid for membership within the North Atlantic Treaty Organization, NATO, which would then be obliged to come to its defense if Russian troops—poised along the border—were to overtake it as in 2014 with the annexation of Crimea. Some cybersecurity observers say the arrests could have happened months ago but now conveniently draw attention away from Russia’s aggression on its neighbor’s autonomy. But the senior administration official maintained a separation of the events.

“I want to be very clear: in our mind, this is not related to what's happening with Russia and Ukraine. I don't speak for the Kremlin's motives, but we're pleased with these initial actions,” the official said. “We've also been very clear: if Russia further invades Ukraine, we will impose severe costs on Russia in coordination with our allies and partners. As the president has said, cyber criminals are resilient, and we will continue to take action to disrupt and deter them while engaging in diplomacy as we have with Russia, allies and partners around the world.” 

The senior U.S. administration official said President Biden has been briefed on a cyberattack Friday that took down several Ukranian government websites and that officials have offered their support but have made no attribution.

“While we continue to assess the impact with the Ukrainians, it seems limited so far, with multiple websites coming back online,” the official said. 

The US and Russian statements both credited new information sharing channels between the two countries with the REvil-group arrests. 

“The basis for the search activities was the appeal of the competent US authorities, who reported on the leader of the criminal community and his involvement in encroachments on the information resources of foreign high-tech companies by introducing malicious software, encrypting information and extorting money for its decryption,” reads the announcement from Russia’s Federal Security Service. “The FSB of Russia established the full composition of the REvil criminal community and the involvement of its members in the illegal circulation of means of payment, and documented illegal activities.”

There is no extradition treaty between the U.S. and Russia. Going forward, the official said the administration’s expectation is that Russia will pursue legal action within their own system to bring those arrested to justice.