President Joe Biden has been slammed as ‘weak’ for his allegedly slow response to a global cyberattack that has affected at least 1,000 companies in the United States.
House Minority Leader Kevin McCarthy tweeted on Saturday, referencing news from June that Biden had given Russian president Vladimir Putin a list of targets that were off-limits to cyber attacks.
‘Remember when President Biden gave Putin a list of things that were supposed to be off-limits for cyber attacks? What he SHOULD have said is that ALL American targets are off-limits,’ McCarthy tweeted.
He added: ‘Biden is soft on crime and weak against Putin.’
Biden has warned that the US will retaliate if it finds out Russia was behind the mass cyberattack that hit at least 1,000 American firms in the run-up to July 4 weekend.
The president told reporters Saturday that it is not yet clear who is behind the latest cybersecurity breach to strike American businesses but insisted that he ‘will respond’ if it is tied to Russian President Vladimir Putin.
‘We’re not sure who it is,’ he said, while he celebrated the start of July 4 weekend at a cherry farm in Central Lake, Michigan.
‘The initial thinking was it was not the Russian government but we’re not sure yet.’
He added: ‘If it is either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond.’
The warning comes after the two leaders met at the Geneva Summit last month, where Biden warned Putin there would be consequences if ransomware attacks continued to hit the US from Russia.
In recent months, the nation’s critical infrastructure has fallen victim to attacks from cyber criminal groups thought to be based in Russia, with one of the US’s biggest fuel carriers and one of its biggest meat suppliers each shuttered for days following breaches.
Biden said Saturday he had not spoken with Putin since the latest breach or since their meeting in Geneva.
However, he said he should know more about the latest attack Sunday when he is briefed by US intelligence officials.
‘I directed the full resources of the government to assist in the response if needed,’ he said.
‘I directed the intelligence community to give me a deep dive on what’s happened. I’ll know better tomorrow.’
The US Cybersecurity and Infrastructure Security Agency (CISA) said Friday it was ‘taking action to understand and address the recent supply-chain ransomware attack.’
Around 200 US businesses were impacted by a ‘colossal’ cyber attack Friday, paralyzing their computer networks.
Worldwide, more than a thousand firms across at least 17 countries are thought to have also been affected.
The hackers first targeted Florida-based IT company Kaseya before spreading to other firms that use the company’s software.
The breach was discovered Friday afternoon as many businesses had already closed or waved goodbye to employees for the long Independence Day weekend.
Kaseya said it notified the FBI and had so far found less than 40 customers impacted by the breach.
Security firm Huntress said Friday it believed the Russia-linked REvil ransomware cyber gang was to blame.
Last month, the FBI blamed the same group for paralyzing US meat packer JBS.
The hackers that struck Friday hijacked widely used technology management software from Kaseya then changed a Kaseya tool called VSA.
VSA is used by IT professionals to manage technology including servers, desktops, network devices and printers at smaller businesses.
The cybercriminals then encrypted the files of those providers’ customers simultaneously.
Huntress said 20 managed service providers had been used to infect more than 1,000 businesses.
Huntress senior security researcher John Hammond warned that the number of those affected is likely to increase, as he described the incident as ‘a colossal and devastating supply chain attack.’
This type of hacking is especially damaging as by going after MSPs the hackers can reach many more victims – by breaching the systems of their customers as well.
The full extent of the breach and how many companies have been affected is not yet clear.
Among those affected is Synnex – an MSP used by the Republican National Committee (RNC), reported Bloomberg.
A spokesman said Microsoft had alerted the RNC that Synnex ‘may have been exposed’ but said there was ‘no indication’ the RNC was also victim to an attack or that any sensitive information had been stolen from the committee.
Some cybersecurity researchers believe the ransomware attack could be one of the broadest on record.
Cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank said ‘the number of victims here is already over a thousand and will likely reach into the tens of thousands.’
He added: ‘No other ransomware campaign comes even close in terms of impact.’
Cybersecurity firm ESET said there are victims in least 17 countries, including the UK, South Africa, Canada, Argentina, Mexico and Spain.
In Sweden, most of the grocery chain Coop’s 800 stores were unable to open because their cash registers weren’t working, while the Swedish State Railways and a major local pharmacy chain were also affected.
It is unclear how many organizations have since received ransom demands from the hackers in exchange for getting their systems back up and running again.
The FBI has urged companies not to pay ransoms but, in two of the biggest recent cyber attacks, it transpired that the victims bowed to the demands of the cyber criminals.
JBS, the nation’s largest meat supplier, paid an $11million ransom in Bitcoin to the hackers who shut down its US plants.
It had learned of an attack on May 30 after finding ‘irregularities’ on its servers and a ransom note.
This forced the supplier to shut down its computer servers, suspending meat production systems at its US plants for four days.
The FBI said in June REvil – the Russian cybercriminal group also known as Sodinokibi which is known to be one of the most prolific cyber gangs in the world – was behind the breach.
This came just weeks after Colonial Pipeline fell victim to an attack that forced the carrier of 45 percent of fuel to the East Coast to shut down its entire network and sparked a fuel crisis nationwide.