US President Joe Biden says he has ordered a probe into the latest ransomware attack, noting the “initial thinking” is that the Russian government is not behind the attack.
Speaking to reporters in Traverse City, Mich. on Saturday, Biden said he has directed the “full resources of the federal government” to investigate the attack that targeted over 1,000 American companies.
He went on to say that “the initial thinking was it was not the Russian government, but we’re not sure yet.”
During a summit in Geneva on June 16, Biden said he and Putin agreed to work together to address cybersecurity concerns, such as ransomware attacks on critical infrastructure.
Biden said he told Putin to clamp down on cyber hackers allegedly emanating from Russia, warning of consequences if such attacks continued to proliferate.
"If it is either with the knowledge of and/or a consequence of Russia then I told Putin we will respond," Biden said Sunday, referring to what he told Putin in Geneva.
The latest attack comes after US and British authorities said Thursday Russian spies accused of interfering in the 2016 US presidential election have spent much of the past two years abusing virtual private networks (VPNs) to target hundreds of organizations around the world. The latest allegation was denied by Russia's embassy in Washington on Friday.
The newest cyberattack is suspected to have been launched by the same group that hit meat supplier JBS Foods this spring.
Among the companies hit in the attack was Kaseya Ltd., a Miami-based developer of software for managed service providers, according to cybersecurity experts.
The cyberattackers, whom US cybersecurity experts said likely operated out of Russia, managed to smuggle ransomware onto the network platform of Kaseya, whose signature VSA software is widely used by IT management companies and other businesses around the world.
The attack may have compromised hundreds of Kaseya’s IT management clients.
The company said it was “investigating the root cause of the incident with an abundance of caution,” but told customers to immediately shut down the VSA server until further notice.