WASHINGTON — Three weeks after he warned Vladimir Putin to crack down on criminal hackers striking the U.S. from inside Russia, President Joe Biden is under pressure to respond to the claim of responsibility by a Russia-based hacking group for what is being called the largest ransomware attack in history.
White House officials had said they never believed Biden’s demand to Putin would have immediate effect, and that they would give it six months to determine whether cyberattacks from inside Russia had tapered off. But a massive ransomware attack on Friday, apparently from inside Russia, has scrambled that calculus.
The attack, which private researchers say was carried out by REvil, a group of Russian-speaking hackers believed to operate inside that country, struck hundreds of American companies and more than a thousand in as many as 30 countries, experts say.
REvil has demanded $70 million to unlock the companies’ data, after a cyberattack that experts say was particularly devious, spreading malware by co-opting the software of trusted information technology firms in a method previously used largely by government intelligence agencies.
Over the weekend, before REvil took responsibility, Biden said his intelligence agencies were not yet certain the attack came from inside Russia. If that proves to be true, he said, “I told Putin we would respond.”
Biden said he would know more Sunday, but no statement was forthcoming Sunday or Monday. On Tuesday, the White House and the Director of National Intelligence did not respond to NBC’s questions about who was responsible and what Biden might do.
“What President Biden can and, I expect, will do, is demand Russia live up to its obligations and prevent its territory from being used for these criminal acts,” said Sen. Mark Warner, D.-Va., the chairman of the Senate Intelligence Committee, in a statement to NBC News. “If Putin wants Russia to be a productive member of the international community, he could certainly arrest and try these criminals in Russia, or hand them over to stand trial elsewhere.”
Warner pointed out that an international agreement to which Russia is a party stipulates that states will not allow their territories to be used by cyber criminals.
“This is the time when President Biden needs to pick up the phone and call Vladimir Putin and tell them enough is enough,” said cybersecurity expert Dmitri Alperovitch, chairman of the Silverado Policy Accelerator.
It’s clear, he said, that Biden’s warning to Putin “has not yet had impact. We don’t know if that’s because the message was not received, President Putin decided to ignore it. Or maybe he just didn’t feel like this shouldn’t be a top priority issue. Maybe he thought that this would be handled over time and negotiations. But we don’t have time here. We need to act. Now. We need to demand that these individuals responsible for this particular hack get arrested, the key gets turned over to the businesses that need to decrypt their data.”
Previously, White House officials have downplayed expectations about the warning.
“We didn’t set the measure at some verbal commitment from Vladimir Putin that Russian criminals would stop hacking,” National Security Adviser Jake Sullivan said June 18. “We set the measure at whether over the next 6 to 12 months, attacks against our critical infrastructure actually decline coming out of Russia.”
The latest cyberattack coincided with a new national security strategy published Saturday by the Kremlin that strikes a confrontational tone regarding the U.S. and the West, according to published translations.
The 44-page document says growing pressure from Western countries poses a danger to Russian society, according to the German news agency Deutsche Welle.
“The ‘Westernization’ of culture increases the danger that the Russian Federation will lose its cultural sovereignty,” the new strategy says.
The document adds that Russian “traditional spiritual-moral and cultural-historical values are under active attack from the U.S. and its allies,” and that Russia “considers it legitimate to take symmetrical and asymmetric measures” to prevent “unfriendly actions” by foreign states.
Asymmetrical action has included tolerating cyber crime against the West from inside Russia, experts say.
“Traditionally, these criminals have operated with impunity in Russia by and large, as long as they don’t target Russian businesses,” Alperovitch said. “The Russian law enforcement agencies have either left them alone or worse, recruited them to work for the state as part of their intelligence apparatus to continue attacks on the west. So at a minimum, they’re getting protection, and that needs to stop.”