- US President Joe Biden has instructed the National Intelligence Agency to investigate the people behind the complex ransomware attacks.
- The attack hit hundreds of American companies and raised suspicions about the REvil ransomware group linked to Russia.
- According to official reports, the FBI recently accused the same Russian group of paralyzing meat processor JBS SA.
President Joe Biden said on Saturday that he had instructed U.S. intelligence agencies to investigate the behind-the-scenes of a sophisticated ransomware attack that attacked hundreds of U.S. companies and sparked suspicion that Russian gangs were involved.
Security company Huntress Labs said on Friday that it believes the REvil ransomware group related to Russia is responsible for the latest ransomware outbreak. Last month, the FBI accused the same organization of paralyzing meat processor JBS SA.
When Biden visited Michigan to promote his vaccination plan, he was asked about hacking when buying pies at the Cherry Orchard Market.
Biden said that “we are not sure” who was behind the attack. “The original idea was not the Russian government, but we are not sure yet,” he said.
Biden said that he has instructed US intelligence agencies to investigate, and if they determine that Russia is the culprit, the US will respond.
At the June 16 summit in Geneva, Biden urged Russian President Vladimir Putin to crack down on cyber hackers from Russia and warned that if such ransomware attacks continue to spread, the consequences will be disastrous.
Opinion | Biden and Putin try to end John Mattison’s cyber war
Biden said he will hear a briefing on the latest attack on Sunday.
Speaking of what he told Putin in Geneva, Biden said: “If Russia knows and/or Russia has caused the consequences, then I tell Putin we will respond.”
The hackers who attacked on Friday hijacked technology management software widely used by a Miami vendor called Kaseya.
They changed a Kaseya tool called VSA for use by companies that manage small business technology. Then they simultaneously encrypt the files of these providers’ customers.
Huntress said it is tracking eight hosting providers that have been used to infect approximately 200 customers.
Kaseya said on its website on Friday that it is investigating a “potential attack” on the VSA, which IT professionals use to manage servers, desktops, network devices and printers.
Watch | U.S. launches naturalization efforts, Biden celebrates new citizens
John Hammond, a senior security researcher at Huntress, said in an email: “This is a huge and devastating supply chain attack,” referring to an increasingly compelling hacking technique that hijacks a piece of software at once. Hundreds of users are harmed.
In a statement on Friday, the U.S. Cybersecurity and Infrastructure Security Agency stated that it is “acting to understand and resolve the recent supply chain ransomware attack on Kaseya’s VSA product.”
After the United States accused hackers of acting in accordance with the instructions of the Russian government and tampering with network monitoring tools developed by Texas software company SolarWinds, supply chain attacks have become the top priority of the cyber security agenda.
On Thursday, US and British authorities stated that Russian spies accused of interfering in the 2016 US presidential election had abused virtual private networks (VPNs) to target hundreds of organizations around the world for most of the past two years.
On Friday, the Russian Embassy in Washington denied the allegations.
Did you know you can comment on this article? Subscribe to news 24 And add your voice to the conversation.