CENTRAL LAKE, Michigan, July 3 (Reuters) – President Joe Biden said Saturday that he had directed U.S. intelligence agencies to investigate who was behind an elaborate ransomware attack that hit hundreds of American companies and led to suspicion of one Involvement of Russian gangs resulted.
Security firm Huntress Labs said Friday it believes Russia-related ransomware gang REvil is responsible for the news Ransomware outbreak. Last month the FBI accused the same group of paralyzing meat packer JBS SA (JBSS3.SA).
Biden was asked about the hack while visiting Michigan to promote his vaccination program while buying cake at a cherry orchard market.
Biden said, “We’re not sure” who was behind the attack. “The first thought was that it wasn’t the Russian government, but we’re not sure yet,” he said.
Biden said he directed US intelligence agencies to investigate and the United States will respond if it finds that Russia is to blame.
During a summit in Geneva on June 16, Biden urged Russian President Vladimir Putin to take action against cyber hackers originating from Russia and warned of the consequences if such ransomware attacks continued to spread.
Biden said he would receive a briefing on the recent attack on Sunday.
“If it happens to either knowledge and / or a consequence of Russia, I have told Putin that we will answer,” said Biden, referring to what he said to Putin in Geneva.
The hackers that struck on Friday hijacked widespread technology management software from a Miami-based company called Kaseya. They changed a Kaseya tool called VSA, which is used by companies that manage technology in smaller businesses. Then they encrypted the files of the customers of these providers at the same time.
Huntress said it tracked eight managed service providers that were used to infect approximately 200 clients.
Kaseya announced on its own website on Friday that it is investigating a “potential attack” on VSA used by IT professionals to manage servers, desktops, network devices and printers.
“This is a colossal and devastating attack on the supply chain,” Huntress’ senior security researcher John Hammond said in an email, referring to an increasingly popular hacking technique in which software is hijacked by hundreds or compromise thousands of users at the same time.
In a statement Friday, the US Cyber Security and Infrastructure Security Agency said it is “taking steps to understand and combat the recent ransomware attack on the supply chain” against Kaseya’s VSA product.
Supply chain attacks have crept to the top of the cybersecurity agenda after the United States accused hackers of acting on orders from the Russian government and tampering with a network monitoring tool operated by the Texan software company SolarWinds.
On Thursday, US and UK authorities said Russian spies, accused of meddling in the 2016 US presidential election, spent much of the past two years abusing virtual private networks (VPNs) to serve hundreds of organizations around the world to target.
On Friday, the Russian embassy in Washington rejected the allegation.
Reporting by Trevor Hunnicutt; additional reporting by Raphael Satter and Joseph Menn; Letter from Steve Holland; Editing by Daniel Wallis, David Gregorio and Diane Craft
Our standards: The Thomson Reuters Trust Principles.
#Biden #orders #investigation #latest #ransomware #attack