US: We May Take Unilateral Action Against Russian Cyber-Criminals

  • The White House has issued another strongly worded warning to the Putin administration: the US will take action against cyber-criminals living in Russia if the Kremlin doesn’t.

    Press secretary Jen Psaki explained that the two countries are continuing “expert-level” talks in the wake of the meeting between Presidents Biden and Putin last month. Another talk focused on ransomware is scheduled for next week.

    “I will just reiterate a message that these officials are sending,” she added. “As the President made clear to President Putin when they met, if the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own.”

    The news comes in the wake of a major new supply chain attack on US software provider Kaseya, which has affected around 1500 downstream organizations via their managed service providers (MSPs).

    The attackers are said to have used the REvil/Sodinokibi variant, whose authors purportedly speak Russian, not least because the malware is coded not to infect any organizations residing in former Soviet countries.

    However, given the large number of global affiliate groups using ransomware today, it’s far from clear whether this attack was launched by a Russian gang, even if the malware can be traced back there.

    Psaki acknowledged this in the press briefing.

    “The intelligence community has not yet attributed the attack. The cybersecurity community agrees that REvil operates out of Russia with affiliates around the world, so we will continue to allow that assessment to continue,” she said.

    “But in our conversations — and we have been in touch directly — we are continuing to convey that message clearly.”

    Biden revealed on Saturday that he had ordered the intelligence community to provide a “deep dive” on precisely what happened.

    In the meantime, the official advice for any affected organizations continues to be to shut down any VSA servers and follow the mitigation steps from the Cybersecurity and Infrastructure Security Agency (CISA) issued over the weekend.

    In related news, Kaseya explained in an update yesterday that its planned restoration of the VSA SaaS service had been delayed.

    “During the VSA SaaS deployment, an issue was discovered that has blocked the release. Unfortunately, the VSA SaaS rollout will not be completed in the previously communicated timeline,” it noted.

    “We apologize for the delay and R&D and operations are continuing to work around the clock to resolve this issue and restore service.”