U.S. President Joe Biden speaks in the East Room of the White House on July 8, 2021, in Washington.Evan Vucci/The Associated Press
U.S. President Joe Biden told Russian President Vladimir Putin in a Friday phone call that he must “take action” against cybercriminals acting in his country and that the U.S. reserves the right to “defend its people and its critical infrastructure,” the White House said.
The conversation came less than a month after the two leaders met in Geneva, when Biden warned against continuing cyberattacks emanating from Russia. A new ransomware attack linked to the REvil hacking group based in Russia caused widespread disruption last weekend, affecting as many as 1,500 businesses.
“I made it very clear to him that the United States expects, when a ransomware operation is coming from his soil even though it was not, not sponsored by the state, we expect him to act,” Biden said, speaking to reporters at an event on economic competitiveness. Asked whether there will be consequences, he said, “Yes.”
The White House said in an earlier statement that Biden “underscored the need for Russia to take action to disrupt ransomware groups operating in Russia” and “reiterated that the United States will take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge.”
Biden also “emphasized that he is committed to continued engagement on the broader threat posed by ransomware,” the White House said. Biden told reporters that the U.S. and Russia have set up a means of communicating for when either country sees something happening. “It went well, I’m optimistic,” he said.
Friday’s call underscored the extent to which the ransomware threat from criminal hacker gangs has mushroomed into an urgent national security challenge for the White House, and it suggested a possible concession by the administration that earlier warnings to Putin had failed to curb a criminal activity that has taken aim at businesses across the globe.
The Kremlin said “Putin noted that despite the Russian side’s readiness to jointly stop criminal activities in the information sphere, U.S. agencies haven’t made any requests during the past month.”
The Kremlin statement said the two leaders emphasized the need for cooperation on cybersecurity, which it said “must be permanent, professional and non-politicized and should be conducted via special communication channels ... and with respect to international law.”
The White House statement announcing the hourlong call with Putin highlighted a U.S.-Russian agreement that will allow humanitarian aid to flow into Syria. The dual prongs of the agenda show how even as Biden pledges to get tough on Russia over hacking, there’s an inherent desire to avoid aggravating tensions as the administration looks for Russia to cooperate, or at least not interfere, with U.S. actions in other areas, including Syria, the Afghanistan withdrawal and climate change.
The White House declined to discuss the tone of Biden’s call, though press secretary Jen Psaki said it did focus significantly on the latest breach, which cybersecurity researchers have said infected victims in at least 17 countries, largely through firms that remotely manage IT infrastructure for multiple customers.
Though Biden had previously said the attack had caused “minimal damage,” and it did not appear to target vital infrastructure, the sheer global scale and the fact that it occurred so soon after the Geneva meeting put immediate pressure on the administration to have some sort of response.
Officials did not immediately announce any specific actions they were taking or would consider taking. There are few easy options to resolve the threat without risking a conflict that could spiral out of control beyond the cybersecurity realm.
The Biden administration took office on the heels of a massive cyberespionage campaign known as SolarWinds that U.S. officials have linked to Russian intelligence operatives. But ransomware attacks, perpetrated generally by criminal hacker gangs rather than state-sponsored hackers, appear to have eclipsed old-fashioned spying as a potent threat.
A May attack on a pipeline that supplies roughly half the fuel consumed on the East Coast caused the company to temporarily halt operations. Colonial Pipeline paid roughly $4.4 million in ransom, although U.S. authorities were able to claw back a large portion of that sum in a law enforcement operation last month.
Hackers also recently extorted an $11 million ransom payment from JBS SA, the world’s largest meat processor.
Our Morning Update and Evening Update newsletters are written by Globe editors, giving you a concise summary of the day’s most important headlines. Sign up today.