Joe Biden warned Vladimir Putin that Russia would face consequences if it failed to take action against hackers behind a spate of ransomware attacks, saying the US would take “any necessary action” to protect its people and infrastructure.
The White House said the two leaders spoke by phone on Friday “about the ongoing ransomware attacks by criminals based in Russia that have impacted the United States and other countries around the world”, in their first conversation since meeting in Geneva last month.
Biden “underscored the need for Russia to take action to disrupt ransomware groups operating in Russia and emphasised that he is committed to continued engagement on the broader threat posed by ransomware”, a White House statement said.
The US president also “reiterated that the United States will take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge”, according to the White House.
“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it is not sponsored by the state, we expect them to act,” Biden told reporters at a White House event later on Friday, adding: “It went well. I am optimistic.”
When asked if Russia would face consequences for not dealing with ransomware hackers, Biden replied: “Yes.”
Jen Psaki, White House press secretary, said the phone call had lasted “about an hour” and was an “example” of “being clear and candid and forthright when there is disagreement”.
The Kremlin’s account of the conversation noted that Putin told Biden Moscow had not received a request for co-operation from the US government since the Geneva meeting, despite Russia’s “readiness to jointly suppress cyber crime”.
“Taking into account the scale and seriousness of the challenges in this area, the interaction between Russia and the United States should be permanent, professional and non-politicised,” the Kremlin said in a statement. The two presidents also discussed the war in Syria and gave a positive assessment of US-Russia co-operation in that area, the Kremlin added.
Ransomware attacks — in which hackers seize a company’s systems or data only to release it if a ransom is paid — have proliferated recently, as a pandemic-related shift to remote working has left businesses more vulnerable to intruders.
Friday’s call follows a string of particularly audacious and disruptive attacks carried out this year, including against the US’s Colonial Pipeline, which was forced to close temporarily, and against JBS, the world’s largest meat processor.
Over the weekend, the REvil hacking cartel went on a global ransomware spree targeting an information technology supply chain, hitting about 1,500 businesses and forcing Sweden’s Coop group to shut 800 of its grocery stores after cash registers stopped working. Hackers have demanded a $70m ransom to unlock the data, reigniting the debate over whether companies should pay criminals or not.
All three attacks have been attributed by researchers to Russian-speaking ransomware gangs, operating out of Russia. Some US cyber security experts accuse Moscow of harbouring ransomware criminals, avoiding prosecuting them on the understanding that they do not hit Russian companies, and hand over stolen data or a cut of profits if called upon to do so.
Separately, a Republican National Committee contractor was hacked this week, although investigators believe this was a state-backed attack rather than from a criminal enterprise. Psaki declined to say whether Biden pressed Putin on the RNC hack.
Biden and Putin met face-to-face in Geneva last month for the first time since Biden became president. Those three-and-a-half hour talks were described as “open” and “frank”, as Biden warned his Russian counterpart there would be “devastating” consequences for the Kremlin if opposition activist Alexei Navalny were to die in prison.
Biden told reporters after the June meeting that he had given Putin a list of “certain critical infrastructure [that] should be off limits” from cyber attacks, detailing 16 entities.
Despite the discussion, ransomware hackers have continued to target these sectors, according to Brett Callow, an analyst at the cyber security group Emsisoft. In particular, the local government, healthcare and education sectors have suffered at least 30 ransomware breaches since June, he said.