"We’re not sure if it’s the Russians," President Biden said Friday in response to the latest allegations that a 'Russian-linked hacker group' targeted some 200 US companies in a massive ransomware attack. But he's vaguely promising a "response" if Kremlin links can be found.
This latest major incident unveiled at the end of this past week is being described as akin to "SolarWinds with ransomware," which paralyzed the networks of the US companies. Wired explains the inevitability that "the two dominant cybersecurity threats of the day— supply chain attacks and ransomware—would combine to wreak havoc." It's also being called "colossal" in scope and appears to involve blackmail payment demands just as in prior major breaches.
Wired writes further of the aftermath as details continue to fall into place, "That’s precisely what happened Friday afternoon, as the notorious REvil criminal group successfully encrypted the files of hundreds of businesses in one swoop, apparently thanks to compromised IT management software. And that’s only the very beginning."
The hack targeted the Florida-based software management firm Kaseya, which said Friday afternoon it was the "victim of a sophisticated cyberattack" which caused it to immediately alert all of its clients to shut down their impacted servers. The US Cybersecurity and Infrastructure Security Agency (CISA) quickly said the same day that it was launching an investigation, "taking action to understand and address the supply-chain ransomware attack against Kaseya," according to its statement.
Soon after disembarking Air Force One, Biden appeared a bit confused but also bluntly insisted there's no certainty it was the Russians: "First of all, we’re not sure who it is for certain, number one," he said while being peppered with reporters' questions over the then-developing incident:
"I’ll be in better shape to talk to you about it—hang on a second," the president said as he reached into his pocket to pull out a note card.
"I’ll tell you what they sent me, OK?" the president continued. "First of all, we’re not sure who it is for certain, number one."
"And the fact is that I directed the intelligence community to give me a deep dive on what’s happened, and I’ll know better tomorrow. And if it is, either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond," Biden said.
Here's his awkward interaction with reporters inside a store during a Michigan stop...
Based on his quickly referencing the initial intelligence he was sent, the president seemed to clearly confirm that US agencies have reached no conclusions on Russian involvement as yet, despite a slew of media reports hastily pointing in that direction, as is usual.
Biden reiterated this position when asked about phoning President Putin over the new breach:
Asked if he has spoken with Russian President Vladimir Putin about the hack, Biden said he has not.
"I haven’t called because we’re not certain. And the initial thinking was it was not the Russian government, but we’re not sure yet," Biden said.
He had said he "got a brief as I was on the plane and that’s why I was late". The FBI is also said to be involved in probing the large-scale cyberattack which is being called by cyber security specialists a "colossal and devastating supply chain attack."
John Hammond, senior security researcher at Huntress Labs, on the Kaseya breach: ~200 companies that use Kaseya's tech had their networks encrypted by REvil (think of this as SolarWinds but with ransomware). "This is a colossal and devastating supply chain attack."
— Zack Whittaker (@zackwhittaker) July 2, 2021
According to multiple reports that emerged over the weekend, the hacking collective REvil is demanding that victim companies pay $45,000 in the cryptocurrency Monero to gain back access to their systems, warning that the payment will double each week they fail to pay up.
Despite Biden denying anything conclusive pointing to Russia being behind it, US mainstream media will undoubtedly hype a "Kremlin attack" through Sunday into Monday, which will in turn likely put more pressure on the administration to more aggressively put blame on Russian intelligence and in turn "take action" - evidence or not - likely in the form of more sanctions. The president has so far ordered a top level investigation into the ransomware attack.