Joe Biden Says US Government Not Sure Who Is Behind Ransomware Attack – But Does Not Rule Out Russia
Joe Biden said his government wasn’t sure who was behind a major ransomware attack that hit hundreds of US companies – but he wasn’t ruling out Russian influence.
A “colossal and devastating” ransomware attack is believed to have paralyzed the networks of at least 200 US companies.
The federal Cybersecurity and Infrastructure Security Agency has announced that it will be closely monitoring the situation and working with the FBI to gather more information on the impact of the attack.
President Biden said the government’s “first line of thinking” was that Russian hackers weren’t behind the attack, but added that they “weren’t sure yet”.
The president added that he had directed intelligence agencies to investigate and that if the attack turned out to be Russian, there would be a response.
The Swedish grocery chain Coop closed all of its 800 branches on Saturday after its American IT provider was hit by the attack, leaving it unable to operate its cash registers.
John Hammond of security firm Huntress Labs previously said the REvil gang, a large Russian-speaking ransomware syndicate, appears to be responsible for the attack.
REvil steals data from its targets before deploying ransomware, to intensify its extortion efforts.
Hammond said the criminals targeted a software provider named Kaseya and used its network management software to spread the ransomware through cloud service providers.
“Kaseya is serving large businesses to small businesses around the world, so (this) ultimately has the potential to expand to businesses of any size or scale,” he said on Twitter.
“This is a colossal and devastating attack on the supply chain.”
He added that he knew of four companies that host IT infrastructure for multiple customers that had been affected by the ransomware, which encrypts networks until the victims pay the attackers.
“We currently have three Huntress partners who are affected by approximately 200 encrypted companies,” he said.
Experts believe that the attack was deliberately timed for the July 4th holiday weekend, when fewer IT staff are traditionally on duty.
Such cyberattacks typically infiltrate widely used software and spread malware as it is automatically updated.
It is not yet clear how many Kaseya customers could be affected or who they could be.
Kaseya said the attack was limited to a “small number” of its customers and urged them to immediately shut down servers running the affected software.
The privately owned Kaseya is based in Dublin and has its US headquarters in Miami.