We’re barely a month out from the Colonial Pipeline hack, perpetrated by the Russian-speaking hacking group DarkSide, which left thousands of Americans without gas, preventing many from accessing food or medicine. Not long after that, the Russian cybercriminal group REvil attacked JBS, the world’s largest meat supplier, shutting down multiple processing plants.
Two weeks ago, REvil hacked Kaseya, a U.S.-based software company, in an attack that affected 800 to 1,500 businesses. One of these businesses, Coop, a Swedish grocer, will take weeks to recover after the attack shut down 800 of its physical storefronts. Coop paid $70 million to appease the criminals. The ripples also affected Leonardtown, Md., as city administrators lost all access to their systems.
How has President Joe Biden addressed the problem? After the Colonial Pipeline attack, he issued an executive order calling for collaboration between the public and private sectors to iron out digital defense issues — and we learned the hard way that it will take more than that to deal with this crisis. Then, Biden addressed the issue at a summit with Putin. The attacks have continued.
Most recently, Biden called Putin and “reiterated that the United States will take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge.” When asked at a press conference if there would be consequences, Biden responded, “Yes.”
We needed to set some clear boundaries — some definite consequences that would get Vladimir Putin’s attention — and, from what little we know, it looks like we might have succeeded in that. Once Biden called out Putin on the issue one-on-one, hacking giant REvil disappeared.
Hacking collectives have an agenda. The cybersecurity company Cybereason reports that the ransomware these hackers are installing first scans a computer’s installed languages for Russian, Ukrainian, Syrian Arabic and others that are native to Russian-allied countries. If the computer has one installed, the ransomware stops dead in its tracks.
In mid-June, cybersecurity became a principal topic of the summit between Biden and Putin. In a press conference, Biden said that he gave Putin a list of “16 specific entities; 16 defined as critical infrastructure under U.S. policy” which are “off-limits to attack.” He followed this comment by saying, “Of course, the principle is one thing. It has to be backed up by practice. Responsible countries need to take action against criminals who conduct ransomware activities on their territory.”
We would add that responsible countries also take firm action when their citizens are endangered. We remember Biden saying in February, “I made it clear to President Putin, in a manner very different from my predecessor, that the days of the United States rolling over in the face of Russia’s aggressive actions — interfering with our elections, cyberattacks, poisoning its citizens — are over.”
While how REvil was shut down is still unclear, this looks like a good example of Biden backing up his words. We provided consequences: either Putin wrangles the hackers harbored within Russia’s borders or the U.S. takes swift, decisive actions to protect American assets. We hope that this signals a future of cooperation with Russia on the issue of cybercrime, as well as standing firm against Russia when its inaction results in American losses.