US warns of action against ransomware gangs if Russia refuses

White House Press Secretary Jen Psaki says that the US will take action against cybercriminal groups from Russia if the Russian government refuses to do so.

Psaki added that the recent REvil ransomware attack on Florida-based IT company Kaseya is not yet attributed to anyone, specifically not to the Russian government.

She also said that high-level US and Russian officials will meet again next week to address the recent attacks that have targeted US organizations this year.

“We have undertaken expert level talks that are continuing. We expect to have another meeting next week focused on ransomware attacks,” the White House Press Secretary stated during a briefing on the Biden administration’s policy agenda.

“As the President made clear to President Putin when they met, if the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own.

“Now, in this case, the intelligence community has not yet attributed the attack. The cybersecurity community agrees that REvil operates out of Russia with affiliates around the world.”

G7 (Group of 7) leaders also asked Russia last month to urgently disrupt ransomware gangs believed to be operating within its borders after the seemingly endless stream of attacks targeting organizations from critical sectors worldwide.

Earlier today, Kaseya said that the supply-chain ransomware attack coordinated by the REvil ransomware group “had limited impact” as it hit fewer than 60 managed service providers (MSPs) using its VSA remote monitoring and management software.

REvil claims to have encrypted more than 1,000,000 systems in this large-scale supply-chain attack and, after initially demanding $70 million, it is now asking for $50 million for a universal decryptor.

In all, the company said the attackers compromised up to 1,500 downstream businesses and “this attack was never a threat nor had any impact to critical infrastructure,” even though CISA considers the Information Technology Sector as a critical infrastructure sector.

“The attack had limited impact, with only approximately 50 of the more than 35,000 Kaseya customers being breached,” Kaseya said.

“Of the approximately 800,000 to 1,000,000 local and small businesses that are managed by Kaseya’s customers, only about 800 to 1,500 have been compromised.”

Kaseya’s CEO also added that “this highly sophisticated attack has proven to be, thankfully, greatly overstated.”

CISA and the FBI have shared guidance for victims of this attack, and the White House National Security Council is urging victims to report incidents and follow the guidance issued by Kaseya.