- US President Joe Biden has directed the nation’s intelligence agencies to investigate who was behind a sophisticated ransomware attack.
- The attack infected hundreds of US companies and raised suspicions about the REvil ransomware ring linked to Russia.
- Most recently, the FBI blamed the same Russian gang for crippling JBS SA, according to official reports.
President Joe Biden said Saturday that he has directed US intelligence agencies to investigate who is responsible for a sophisticated ransomware attack that infected hundreds of American companies and led to suspicions of Russian gang involvement.
Security firm Huntress Labs said Friday it believes the Russia-linked REvil ransomware gang is responsible for the recent ransomware outbreak. Last month, the FBI blamed the same group for crippling meatpacking company JBS SA.
Biden, who was on a visit to Michigan to promote his vaccination program, was asked about the hack while shopping for pies at a cherry orchard market.
“We are not sure” who was behind the attack, Biden said. “The initial thinking was that it wasn’t the Russian government, but we’re not sure yet,” he said.
Biden said he directed US intelligence agencies to investigate, and the US would respond if they determined that Russia was responsible.
During a summit in Geneva on June 16, Biden urged Russian President Vladimir Putin to crack down on hackers emanating from Russia, and warned of the consequences if these ransomware attacks continue to spread.
opinion | Biden and Putin try to end cyberwar by John Mattison
Biden said he will receive a briefing on the latest attack on Sunday.
“If it was with Russia’s knowledge and/or as a result of it, I told Putin we would respond,” Biden said, referring to what he told Putin in Geneva.
The hackers who struck on Friday hijacked widely used technology management software from a Miami-based resource called Kaseya.
They changed Kaseya’s tool called VSA, used by companies that manage technology in small businesses. They then encrypt these providers’ client files simultaneously.
Huntress said it was tracking eight managed service providers that were used to infect about 200 customers.
On its website Friday, Kaseya said it was investigating a “potential attack” on VSA, which IT professionals use to manage servers, desktop computers, network devices and printers.
Watch | Biden celebrates new citizens as US launches naturalization efforts
“This is a massive and devastating attack on the supply chain,” John Hammond, Huntress’s chief security researcher, said in an email, referring to an increasingly prominent hacker’s method of hijacking a single piece of software to put hundreds or thousands of users at risk at once.
In a statement on Friday, the US Cyber and Infrastructure Security Agency said it was “taking action to understand and address the recent supply chain ransomware attack” against the Kaseya VSA product.
Supply chain attacks crept to the top of the cybersecurity agenda after the United States accused hackers of operating at the direction of the Russian government and tampering with a network monitoring tool set up by Texas-based software company SolarWinds.
US and British authorities said Thursday that Russian spies accused of interfering in the 2016 US presidential election have spent most of the past two years misusing virtual private networks (VPNs) to target hundreds of organizations around the world.
On Friday, the Russian embassy in Washington denied the accusation.
Did you know that you can comment on this article? Subscribe to News24 And add your voice to the conversation.