Ransomware attacks on US businesses, such as the latest one centered on Florida IT firm Kaseya, will be discussed at a meeting of senior US and Russian officials next week, the White House said.
“We expect to have a meeting next week focused on ransomware attacks,” spokeswoman Jen Psaki told reporters.
“If the Russian government cannot or will not take action against criminal actors residing in Russia we will take action, or reserve the right to take action, on our own,” she said.
The Russian Embassy in Washington and the US National Security Council did not immediately return messages seeking further details about the meeting.
The ransomware attack on Friday scrambled the data of hundreds of small businesses worldwide, including many in the United States.
It was blamed on REvil, a prolific, Russia-linked cybercrime syndicate that had claimed tens of millions of dollars by holding Western firms’ data hostage in return for digital currency.
Even though Kaseya said the attack never posed a threat to critical US infrastructure – something President Joe Biden declared off-limits to disruptive attacks during his summit with Russian President Vladimir Putin last month – it was another illustration of how cybercriminals believed to be operating from Russia are running amok in the United States.
The attacks have escalated dramatically recently.
Last month REvil extorted meatpacker JBS into paying a US$11 million ransom after snarling its supply chain.
In May an intrusion at major US fuel transporter Colonial Pipeline led to panic buying, price spikes, and gasoline shortages up and down the East Coast.
Psaki said Biden would meet with officials from the Justice Department, State Department, the Department of Homeland Security and the intelligence community on Wednesday to discuss ransomware and US efforts to counter it.
The hack that struck Kaseya’s clients – many of whom are back-office IT shops commonly referred to as managed service providers – did not have the same kind of impact in the United States as the ransoming of Colonial Pipeline.
Disruption elsewhere was more severe.
In Sweden, many of the 800 grocery stores run by the Coop chain are still in the process of recovering from the attack, which knocked out most of its supermarkets, though a spokesman told Reuters “we have more open stores than closed ones now.”
In New Zealand, 11 schools and several kindergartens were affected.
Germany’s cybersecurity watchdog, BSI, said on Tuesday that it was aware of three IT service providers in Germany that have been affected, with a spokesperson estimating that several hundred companies were touched overall.
“In Germany there are no cases as prominent as the one in Sweden,” the spokesperson added.
The hackers who claimed responsibility for the breach have demanded US$70 million to restore all the affected businesses’ data, although they have indicated a willingness to temper their demands in private conversations with a cybersecurity expert and with Reuters.
Kaseya’s CEO told Reuters on Tuesday he would not reveal whether his company planned to pay the ransom or not, or even whether it was negotiating with REvil.
Psaki said that while the administration discouraged such payments, questions about whether the data would be ransomed should be directed to Kaseya.