Joe Biden warned Vladimir Putin that Russia would face consequences if it failed to act against hackers behind a spate of ransomware attacks, saying the US would take “any necessary action” to protect its people and infrastructure.

The White House said the two leaders spoke by phone on Friday “about the ongoing ransomware attacks by criminals based in Russia that have impacted the United States and other countries around the world”, in their first conversation since meeting in Geneva last month.

Biden “underscored the need for Russia to take action to disrupt ransomware groups operating in Russia and emphasised that he is committed to continued engagement on the broader threat posed by ransomware,” the White House said.

The US president also “reiterated that the United States will take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge”, according to the White House.

“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it is not sponsored by the state, we expect them to act,” Biden told reporters at a White House event later on Friday, adding: “It went well. I am optimistic.”

When asked if Russia would face consequences for not dealing with ransomware hackers, Biden replied: “Yes.”

A senior administration official later told reporters: “We are not going to telegraph what those actions will be precisely. Some of them will be manifest and visible, some of them may not be. But we expect those to take place in the days and weeks ahead.”

Jen Psaki, White House press secretary, said the hour-long phone call was an “example” of “being clear and candid and forthright when there is disagreement”.

The Kremlin’s account of the conversation noted that Putin told Biden Moscow had not received a request for co-operation from the US government since the Geneva meeting, despite Russia’s “readiness to jointly suppress cyber crime”.

“Taking into account the scale and seriousness of the challenges in this area, the interaction between Russia and the United States should be permanent, professional and non-politicised,” the Kremlin said in a statement. The two presidents also discussed the war in Syria and US-Russia co-operation in that area, the Kremlin added.

A senior Biden administration official pushed back on the Kremlin’s statement: “We have relayed multiple specific requests for action on cyber criminals to Russia through official channels, and made it clear about what Russia’s responsibility is with regard to taking action, including again today at the level of the two presidents.”

Ransomware attacks — in which hackers seize a company’s systems or data and release them only if a ransom is paid — have proliferated recently, as a pandemic-related shift to remote working has left businesses more vulnerable to intruders.

Friday’s call follows a string of particularly audacious and disruptive attacks carried out this year, including against the US’s Colonial Pipeline, which was forced to close temporarily, and against JBS, the world’s largest meat processor.

Last weekend the REvil hacking cartel went on a global ransomware spree targeting an information technology supply chain, hitting about 1,500 businesses and forcing Sweden’s Coop group to shut 800 of its grocery stores after cash registers stopped working. Hackers have demanded a $70m ransom to unlock the data, reigniting the debate over whether companies should pay criminals or not.

All three attacks have been attributed by researchers to Russian-speaking ransomware gangs, operating out of Russia. Some US cyber security experts accuse Moscow of harbouring ransomware criminals, avoiding prosecuting them on the understanding that they do not hit Russian companies, and hand over stolen data or a cut of profits if called upon to do so.

Separately, a Republican National Committee contractor was hacked this week, although investigators believe this was a state-backed attack rather than one from a criminal enterprise. Psaki declined to say whether Biden pressed Putin on that.

Biden and Putin met face-to-face last month for the first time since Biden became president. Biden told reporters afterwards that he had given Putin a list of “certain critical infrastructure [that] should be off limits” from cyber attacks, detailing 16 entities.

Despite the discussion, ransomware hackers have continued to target these sectors, according to Brett Callow, an analyst at the cyber security group Emsisoft. In particular, the local government, healthcare and education sectors have suffered at least 30 ransomware breaches since June, he said.