Joe Biden has said US intelligence agencies are investigating a ransomware attack that hit hundreds of businesses last week, prompting suspicions of Russian gang involvement.
Security firm Huntress Labs said it believed the Russia-linked REvil ransomware gang were behind the sophisticated attack. The same group was blamed for a hack on the JBS meat processing company last month.
During a trip to Michigan, the president told reporters that “we’re not certain” who coordinated the ransomware attack. “The initial thinking was it was not the Russian government but we're not sure yet,” he added.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
SUBSCRIBE & SAVE
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
The attacker “hijacked widely used technology management software from a Miami-based supplier called Kaseya”, Reuters reports, allowing the hackers to “encrypt the files” of around 200 businesses “simultaneously”. Huntress senior security researcher John Hammond told the news agency that it was a “colossal and devastating supply chain attack”. The Russian embassy in Washington has denied any Russian involvement.
Cyber pirates
The concept of a ransomware attack “can feel abstract”, The Washington Post says, and typically brings to mind images of “a group of organised but faceless criminals hijacking corporate computer systems and demanding millions of dollars in exchange for their safe return”.
But in reality, the paper continues, “the impact of these ransomware attacks is increasingly, unavoidably, real for everyday people”.
Such attacks often begin with “phishing” - emails sent to fool employees into giving passwords or access to their company’s computer systems. Once inside, the hackers isolate key information, lock the system and demand a ransom in exchange for its release.
In May, an attack on Colonial Pipeline disrupted an oil supply that carries 2.5 million barrels a day - representing 45% of the East Coast’s supply of diesel, petrol and jet fuel. In the following six days, US fuel prices rose by six cents per gallon, according to the American Automobile Association (AAA).
The US government “relaxed rules on fuel being transported by road to minimise disruption to supply”, allowing delivery drivers across “18 states to work extra or more flexible hours when transporting refined petroleum products”, as the BBC reported at the time. But independent oil market analyst Gaurav Sharma told the broadcaster that oil companies were still “scrambling” to meet demand.
Similar attacks across the US have “resulted in missed chemotherapy appointments and delayed ambulances, lost school days, and transportation problems”, The Washington Post reports. And a recent hack on the JBS meat processing company triggered “worries about meat shortages or other key food providers being at risk”.
The US is not alone in facing an increase in hostile efforts to access key infrastructure. The UK’s National Cyber Security Centre (NCSC) last week warned of a spate of “ransomware attacks against schools, colleges and universities” in recent weeks.
The increase in ransomware campaigns “emphasises again the need for organisations in the sector to protect their networks”, said the NCSC said, which noted that the attacks can “have a devastating impact”.
The spike in attacks worldwide “is exactly what cybersecurity professionals have been warning about for years”, The Washington Post adds. “But it’s partially the impact on everyday people - far from the executive suites, cybersecurity companies, or government agencies that regularly fret about the criminal enterprise - that has made the risk more visible.”
Defences dilemma
“Our goal is to make money and not creating problems for society,” DarkSide, the group behind the Colonial Pipeline attack, said in a statement sent to US news network CNBC in May.
The group of hackers is “apolitical” and “do not participate in geopolitics”, according to the statement, which claimed that DarkSide had been unaware its affiliates planned to target the US fuel pipeline. “From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future,” the group added.
Despite that promise, the recent string of high-profile attacks on key US infrastructure has “saddled” the Biden administration with a “grave national security crisis” that is “putting civilians on the front lines of an invisible conflict likely to defy quick fixes to lessen the threat”, writes CNN White House reporter Stephen Collinson.
The attackers are “targeting the country's vulnerable infrastructure as it struggles back to life after pandemic shutdowns”, Collinson continues, leaving the president with “thorny dilemmas about how to respond without escalating a full-on international cyberwar”. The “White House must hurriedly muster the defences of a vulnerable private sector”, while delivering on a pledge to “make culprits pay a painful price”.
Following the Colonial Pipeline hack, US Commerce Secretary Gina Raimondo told reporters that the administration was considering “all of the options” to confront the threat of ransomware criminals, adding: “We’re not taking anything off the table as we think about possible repercussions, consequences or retaliation.”
The issue was also on the agenda when Biden met with Vladimir Putin in Geneva for talks last month, amid the widely held belief that Russia “harbours some perpetrators” of major cyber assaults, The Guardian adds.
Biden wants Nato “to play a bigger role in tackling challenges facing the US from the Pacific and globally, while maintaining its foundational focus on Russia”, The Times reports.
Yet the “question of what kind of retaliation the US should launch is a fraught one”, says CNN’s Collinson.
“The cyber warfare battlefield is in the shadows, meaning there is little public evidence of actions the US may already have taken or the cathartic satisfaction of visible reprisals,” he writes.
“But any counter-attacks need to be calibrated to avoid an escalation that could not only cause a dangerous stand-off between the US and other nuclear powers but could also simply invite more attacks on US soil.”
Nigeria's worsening rate of maternal mortality
'Elevating Earth Day into a national holiday is not radical — it's practical'
UAW scores historic win in South at VW plant
How social media is limiting political content
Data breaches increased in 2023 and with them, internet security concerns
Cyberflashing, fake news and the new crimes in the Online Safety Act
Russian hackers allegedly breach US government agencies in cyberattack
Clop gang: Russian hackers issue ‘dark web ultimatum’ to BBC, Boots and BA
The global race for rare-earth minerals
The microchip war raging between the US and China
‘Unsettling’ bid to bring dodo back to life
