Biden: US Damage Appears Minimal In Big Ransomware Attack

Jul 6, 2021, 8:26 PM | Updated: 8:28 pm
FILE (Photo by Morris MacMatzen/Getty Images)...
FILE (Photo by Morris MacMatzen/Getty Images)
(Photo by Morris MacMatzen/Getty Images)

WASHINGTON (AP) — President Joe Biden said Tuesday that damage to U.S. businesses in the biggest ransomware attack on record appears minimal, though information remained incomplete. The company whose software was exploited said fewer than 1,500 businesses worldwide appeared compromised but cybersecurity experts caution that the incident isn’t over.

Also Tuesday, a security researcher who chatted online with representatives of the Russia-linked REvil gang behind the attack said they claimed to have stolen data from hundreds of companies, but offered no evidence.

Answering a reporter’s question at a vaccine-related White House event, Biden said his national security team had updated him Tuesday morning on the attack, which exploited a powerful remote-management tool run by Miami-based software company Kaseya in what is known as a supply-chain attack.

“It appears to have caused minimal damage to U.S. businesses but we’re still gathering information,” Biden said. “And I’m going to have more to say about this in the next several days.” An official at the Cybersecurity and Infrastructure Security Agency, speaking on condition they not be further identified, said no federal agencies or critical infrastructure appear to have been impacted.

On Wednesday, Biden and Vice President Kamala Harris will lead an interagency meeting to discuss the administration’s efforts to counter ransomware.

White House spokeswoman Jen Psaki held out the prospect of retaliatory action. What Biden told President Vladimir Putin in Geneva last month still holds, she said: “If the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own.”

What sort of action that would be is unclear.

Biden has said repeatedly that the Kremlin bears responsibility for giving ransomware criminals safe harbor, even if it is not directly involved. There is no indication that Putin has moved against the gangs. Psaki said Russian and U.S. representatives were meeting next week and would discuss the matter.

Further underscoring the geopolitical stakes in cyberspace, the Republican National Committee said Tuesday that it had been informed over the weekend that one of its contractors had been breached, though it was not immediately clear by whom. The RNC said no data was accessed.

The contractor, Synnex, initially said that the action “could potentially be in connection with the recent cybersecurity attacks of Managed Service Providers,” a likely reference to the breaches last week. But it backed away from that claim in a second statement late Tuesday.

Friday’s attack hobbled businesses in at least 17 countries. It shuttered most of the 800 supermarkets in the Swedish Coop chain over the weekend because cash registers stopped working, and reportedly knocked more than 100 New Zealand kindergartens offline.

Kaseya said it believes only about 800 to 1,500 of the estimated 800,000 to 1,000,000 mostly small business end-users of its software were affected. They are customers of companies that use Kaseya’s virtual system administrator, or VSA, product to fully manage their IT infrastructure.

Cybersecurity experts said, however, it is too early for Kaseya to know the true impact given its launch on the eve of the Fourth of July holiday weekend in the U.S. They said many targets might only discover it upon returning to work Tuesday.

Ransomware criminals infiltrate networks and sow malware that cripples them by scrambling all their data. Victims get a decoder key when they pay up. Most ransomware victims don’t publicly report attacks or disclose if they’ve paid ransoms. In the U.S, disclosure of a breach is required by state laws when personal data that can be used in identity theft is stolen. Federal law mandates it when healthcare records are exposed.

Security researchers said that in this attack, the criminals did not appear to have had time to steal data before locking up networks. That raised the question whether the motivation behind the attack was profit alone, because extortion through threatening to expose sensitive pilfered data betters the odds of big payoffs.

But Ryan Sherstobitoff, threat intelligence chief of the cybersecurity firm Security Scorecard, said REvil representatives claimed Saturday to have stolen data from hundreds of companies and were threatening to sell it if ransom demands of up to $5 million for bigger victims — they were seeking $45,000 per infected computer — were not met.

“The operators are claiming that, though there is not necessarily direct evidence,” added Sherstobitoff, who said he masqueraded as a victim to engage the criminals. He said the criminals claimed banks were among victims.

REvil offered a universal software decoder to free all victims in exchange for a lump sum payment of $50 million, he added. On Sunday, that sum rose to $70 million in a post on the criminals’ dark web site.

Analysts say the chaos ransomware criminals have wrought in the past year — hitting hospitals, schools, local governments and other targets at the rate of about one every eight minutes — serves Putin’s strategic agenda of destabilizing the West.

Most of the more than 60 Kaseya customers that company spokeswoman Dana Liedholm said were affected are managed service providers (MSPs), with multiple customers downstream.

“Given the relationship between Kaseya and MSPs, it’s not clear how Kaseya would know the number of victims impacted. There is no way the numbers are as low as Kaseya is claiming though,” said Jake Williams, chief technical officer of the cybersecurity firm BreachQuest. Others researchers also questioned Kaseya’s visibility into crippled managed service providers.

The hacked VSA tool remotely maintains customer networks, automating security and other software updates. Essentially, a product designed to protect networks from malware was cleverly used to distribute it.

In an interview on Sunday, Kaseya CEO Fred Voccola estimated the number of victims in “the low thousands.” The German news agency dpa had reported that an unnamed German IT services company told authorities that several thousand of its customers were compromised. Also among reported victims were two Dutch IT services companies.

A broad array of businesses and public agencies were hit, apparently on all continents, including in financial services, travel and leisure and the public sector — though few large companies, the cybersecurity firm Sophos said.

Liedholm, the Kaseya spokeswoman, said the vast majority of the company’s 37,000 customers were unaffected and said the company expected to release a patch Wednesday.

REvil, previously best known for extorting $11 million from the meat-processing giant JBS after hobbling it on Memorial Day, broke into at least one Kaseya server after identifying a “zero day” vulnerability, cybersecurity researchers said.

Dutch researchers said they alerted Kaseya to the zero day and a number of “severe vulnerabilities” ahead of the attack. Neither they nor Kaseya would say how far in advance.


Associated Press reporters Darlene Superville and Eric Tucker in Washington and Alan Suderman in Richmond, Virginia, contributed to this report.

KSL 5 TV Live

Top Stories

National News

Patrick Giblin in an undated arrest photo. He portrayed himself to women as a wealthy romantic look...
Faith Karimi, CNN

A fake Romeo charmed over 100 women, then scammed them

Patrick Giblin was like the American version of the "Tinder Swindler" -- but without the private jets.
15 hours ago
Oil prices jump 4% after the Keystone Pipeline was shut down following a leak. Pictured is the pipe...
Matt Egan, CNN Business

Keystone Pipeline shuts down after oil leak, halting flow of 600K barrels a day

The Keystone Pipeline has been shut down following a leak discovered near the border of Kansas and Nebraska.
15 hours ago
WNBA star Brittney Griner is back on U.S. soil. (CNN)...
Lekan Oyekanmi and Eric Tucker, Associated Press

Brittney Griner back home in US after Russian prisoner swap

Brittney Griner has returned to the United States, nearly 10 months after the basketball star’s detention in Russia made her the most high-profile American jailed abroad and set off a political firestorm.
15 hours ago
House Speaker Nancy Pelosi (D-CA) participates in a bill enrollment ceremony alongside Senate Major...
MARK SHERMAN Associated Press

AP 2015: Supreme Court gives same-sex marriage rights

On June 26, 2015, the U.S. Supreme Court ruled that same-sex couples had the right to marry. The narrow, 5-4, decision did away with same-sex marriage bans in 14 states.
2 days ago
MICHAEL RUBINKAM, Associated Press

Philly’s slain ‘Boy in Box’: 66 years later we know his name

Nearly 66 years after the battered body of a young boy was found stuffed inside a cardboard box, Philadelphia police have revealed the identity of the victim in the city’s most notorious cold case.
2 days ago
FILE PHOTO (Joseph Pallen/University of Idaho)...
REBECCA BOONE Associated Press

University of Idaho settles students’ free speech lawsuit

The University of Idaho will pay $90,000 to settle a lawsuit from members of a Christian law students' organization who claimed their freedom of speech was violated when the school issued no-contact orders against them.
2 days ago

Sponsored Articles

notebook with password notes highlighted...
PC Laptops

How to Create Strong Passwords You Can Actually Remember

Learn how you can create strong passwords that are actually easy to remember! In a short time you can create new ones in seconds.
house with for rent sign posted...
Chase Harrington, president and COO of Entrata

Top 5 reasons you may want to consider apartment life over owning a home

There are many benefits of renting that can be overshadowed by the allure of buying a home. Here are five reasons why renting might be right for you.
Festive kitchen in Christmas decorations. Christmas dining room....
Lighting Design

6 Holiday Decor Trends to Try in 2022

We've rounded out the top 6 holiday decor trends for 2022 so you can be ahead of the game before you start shopping. 
Happy diverse college or university students are having fun on their graduation day...
BYU MBA at the Marriott School of Business

How to choose what MBA program is right for you: Take this quiz before you apply!

Wondering what MBA program is right for you? Take this quiz before you apply to see if it will help you meet your goals.
Diverse Group of Energetic Professionals Team Meeting in Modern Office: Brainstorming IT Programmer...
Les Olson

Don’t let a ransomware attack get you down | Protect your workplace today with cyber insurance

Business owners and operators should be on guard to protect their workplace. Cyber insurance can protect you from online attacks.
Hand turning a thermostat knob to increase savings by decreasing energy consumption. Composite imag...
Lighting Design

5 Lighting Tips to Save Energy and Money in Your Home

Advances in lighting technology make it easier to use smart features to cut costs. Read for tips to save energy by using different lighting strategies in your home.
Biden: US Damage Appears Minimal In Big Ransomware Attack