The warning to Putin on Friday was largely a repetition of
the tough rhetoric Biden had used during their meeting in Geneva last month,
when he warned that there would be consequences for continuing cyberattacks
emanating from Russia. Since then, a new ransomware attack linked to the
Russia-based REvil hacking group has caused widespread disruption, placing
Biden under growing pressure to this time marry the warning with actions —
though none were immediately announced.
“I made it very clear to him that the United States expects
when a ransomware operation is coming from his soil even though it’s not
sponsored by the state, we expect them to act if we give them enough
information to act on who that is,” Biden said, speaking to reporters at an
event on economic competitiveness. Asked whether there will be consequences, he
said, “Yes.”
The call with Putin underscored the extent to which the
ransomware threat from criminal hacker gangs has mushroomed into an urgent
national security challenge for the White House, and it suggested a possible
concession by the administration that earlier warnings to the Russian leader
had failed to curb a criminal activity that has taken aim at businesses across
the globe.
A White House statement announcing the hourlong call also
highlighted a U.S.-Russian agreement that will allow humanitarian aid to flow
into Syria. The dual prongs of the agenda show how even as Biden pledges to get
tough on Russia over hacking, there’s an inherent desire to avoid aggravating
tensions as the administration looks for Russia to cooperate, or at least not
interfere, with U.S. actions in other areas, including Syria, the Afghanistan
withdrawal and climate change.
In his call with Putin, besides reiterating the need for
Russia to take action and that the U.S. stands ready to act in response, Biden
also “emphasized that he is committed to continued engagement on the broader
threat posed by ransomware,” the White House said.
Biden told reporters that the U.S. and Russia have “set up a
means of communication now on a regular basis to be able to communicate with
one another when each of us thinks something is happening in another country
that affects the home country. And so it went well. I’m optimistic.”
In its own summary of the call, the Kremlin said “Putin
noted that despite the Russian side’s readiness to jointly stop criminal
activities in the information sphere, U.S. agencies haven’t made any requests
during the past month.”
The Kremlin said the two leaders emphasized the need for
cooperation on cybersecurity, which it said “must be permanent, professional
and non-politicized and should be conducted via special communication channels
... and with respect to international law.”
The Kremlin statement also noted that Biden and Putin
touched on the situation in Syria “with a special emphasis on humanitarian
aspects“ and “gave a positive assessment of coordination of Russian and U.S.
efforts on the issue, including in the U.N. Security Council.”
The White House declined to discuss the tone of Biden’s
call, though press secretary Jen Psaki said it did focus significantly on the
latest breach, which cybersecurity researchers have said infected victims in at
least 17 countries, largely through firms that remotely manage IT
infrastructure for multiple customers.
Though Biden had previously said the attack had caused
“minimal damage,” and it did not appear to target vital infrastructure, the
sheer global scale and the fact that it occurred so soon after the Geneva
meeting put immediate pressure on the administration to have some sort of
response.
Officials did not immediately announce any specific actions
they were taking or would consider taking. There are few easy options to
resolve the threat without risking a conflict that could spiral out of control
beyond the cybersecurity realm.
The Biden administration took office on the heels of a
massive cyberespionage campaign known as SolarWinds that U.S. officials have
linked to Russian intelligence operatives. But ransomware attacks, perpetrated
generally by criminal hacker gangs rather than state-sponsored hackers, appear
to have eclipsed old-fashioned spying as a potent threat.
A May attack on a pipeline that supplies roughly half the
fuel consumed on the East Coast caused the company to temporarily halt
operations. Colonial Pipeline paid roughly $4.4 million in ransom, although
U.S. authorities were able to claw back a large portion of that sum in a law
enforcement operation last month.
Hackers also recently extorted an $11 million ransom payment
from JBS SA, the world’s largest meat processor.