The Washington Post: Democracy Dies in Darkness

The Cybersecurity 202: Now there’s even more pressure on Biden to punch back against Russian ransomware

with Aaron Schaffer

Correction: An earlier version of this post misstated the value of the ransom demanded in the Kaseya ransomware attack. 

Pressure is mounting on the Biden administration to respond forcefully to Russia-based ransomware attacks as U.S. businesses reel from the latest in a string of major hacks over the holiday weekend. 

The Russia-based criminal hackers believed to have launched that attack locked up computers at between 800 and 1,500 organizations, worming their way in through the software vendor Kaseya, Gerrit De Vynck, Aaron Gregg and Rachel Lerman report. They’re demanding $70 million to unlock computers at scores of U.S. small businesses, schools in New Zealand and a Swedish grocery chain. 

“At this point, the Biden administration’s credibility is on the line about not tolerating these attacks,” Dmitri Alperovitch, chairman of the Silverado Policy Accelerator, told me. “Events are forcing their hand.”

The attack came just weeks after President Biden demanded during a summit with Russian President Vladimir Putin that Russia halt both criminal and government cyberattacks that target critical U.S. industries. 

The Kaseya attack did not hit any of the most critical industries or government agencies, officials say.

Yet, such a widespread attack over a holiday weekend is raising the stakes for the administration to either win some public concessions from Russia quickly or punch back hard.

It's also underscoring for officials how criminal ransomware attacks targeting industry can be far more disruptive than government-backed cyber espionage against federal agencies, Ellen Nakashima reports.

Indeed, as companies scrambled to respond to Kaseya, evidence began emerging of yet another significant hack. 

A Russian government hacking group breached Synnex, a technology contractor for the Republican National Committee, a person familiar with the case told Ellen. 

The group allegedly behind the effort, the SVR, is the same Russian intelligence agency that compromised numerous government agencies and companies through the tech firm SolarWinds. SVR also breached the Democratic National Committee in 2015 but there's no evidence it leaked any material during the campaign. The hacking and leaking operation that upended the Clinton campaign was conducted by a separate Russian intelligence agency called the Main Intelligence Directorate of the General Staff, or GRU.

The Synnex compromise has nothing to do with ransomware, the person familiar with the case said. Rather it is very much in the realm of cyber espionage, which is not in and of itself a red line for the Biden administration. 

RNC officials denied a Bloomberg News report that Kremlin hackers compromised the RNC itself. The GOP campaign arm worked with Microsoft to review the Synnex breach but found no evidence that RNC data was accessed, chief of staff Richard Waters said.

Here's a rundown from Kaseya CEO Fred Voccola

U.S. and Russian national security officials have met several times since Biden's warning to Putin and will meet this week, White House spokeswoman Jen Psaki said. 

That meeting will focus specifically on the ransomware threat, she said. 

Biden is also today gathering top officials from the State, Justice and Homeland Security departments and the intelligence community to discuss government-wide efforts to combat ransomware, Psaki said. 

She reiterated that “if the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action, or reserve the right to take action on our own.” 

The government has not yet definitively determined who was behind the Kaseya attack, she said. Cybersecurity companies have attributed the hack to REvil, a Russia-based criminal group that was responsible for a ransomware attack last month that disrupted operations at JBS, the world’s largest meat processor. 

Here are details from Psaki:

White House press secretary Jen Psaki on July 6 said that President Biden would be meeting with multiple government agencies to discuss ransomware attacks. (Video: The Washington Post)

Administration officials have tried to strike a balance between stern warnings and careful diplomacy.

Before Kaseya, National Security Adviser Jake Sullivan described a six-to-12-month process of negotiations and pressure before officials determined whether Russia was reining in hacking.

Yet, a process that is too deliberative risks emboldening Russian hackers even more.

“The problem is we don’t have six to 12 months because, as we’ve seen, attacks are continuing and they’re escalating,” Alperovitch told me. 

In a Post op-ed, Alperovitch and co-author Matthew Rojansky called on Biden to demand the Kremlin identify the hackers responsible for the Kaseya breach and force them to release all the locked-up data. If Putin doesn’t comply, Biden and Congress should impose damaging economic sanctions on Russia’s largest oil and gas firms, they wrote. That would be a far more dramatic punchback than any U.S. officials have attempted thus far.

“If this opportunity to draw a bright line is missed, these attacks risk becoming Russia’s asymmetric weapon of choice against the United States,” they wrote.

Alperovitch was formerly a top executive at CrowdStrike, a cybersecurity firm that closely tracked Russian hacking activity and assigned blame to the Kremlin for numerous major hacks including the 2016 Democratic National Committee breach. Rojansky is director of the Wilson Center’s Kennan Institute. 

Calls for action also are coming from Congress. 

Republicans led by House Minority Leader Kevin McCarthy (R-Calif.) claimed on Twitter that the Kaseya attack shows Biden wasn’t tough enough on Putin in Geneva. The tweets failed to mention that President Donald Trump was repeatedly hesitant to call out Putin for cyberattacks including hacking and disinformation attacks aimed at undermining the 2016 election.

Sen. Richard Blumenthal (D-Conn.) urged “firm, proportionate consequences” against Putin for the attack. 

The keys

The Pentagon is starting from scratch on a long-delayed and contentious $10 billion cloud computing contract. 

The move follows a years-long legal battle involving Microsoft and Amazon, Aaron Gregg reports. Microsoft won the contract but was barred from starting work on it because of a federal court’s injunction related to protests by Amazon. 

Only Microsoft and Amazon will initially be allowed to compete for the new contract, which will be open to multiple vendors. (Amazon founder Jeff Bezos owns The Washington Post.)

The years-long effort to jump-start the Joint Enterprise Defense Infrastructure project, or JEDI, is the Pentagon's greatest effort to date to store its highly sensitive data in a computer cloud as the U.S. military races to compete with China in high-tech areas such as artificial intelligence. But the process was a lightning rod from the start — largely because the Pentagon said only one company could get the $10 billion deal.

Toni Townes-Whitley, Microsoft’s president of U.S. regulated industries, said the company respected and accepted the decision to cancel the deal. “It’s clear the DoD trusts Microsoft and our technology, and we’re confident that we’ll continue to be successful as the DoD selects partners for new work,” Townes-Whitley said.

Tech companies are sparring with Hong Kong authorities over proposed changes to privacy laws. 

The tech companies argue that a legislative proposal would endanger their employees by making them liable for content their users post online, the Wall Street Journal’s Newley Purnell reports. Hong Kong authorities say the legal changes are necessary to stop doxing — the publishing of people’s personal information, which can lead to harassment and which was common during 2019 protests in the city over China’s authority. It’s the latest source of controversy over Hong Kong, where Beijing last year assumed sweeping new powers.

Hong Kong’s personal data privacy commissioner will “meet with the representatives of the Asia Internet Coalition shortly to better understand their views,” a spokesman said. The group, whose members include Facebook, Twitter and Google, sent a letter to Hong Kong officials in June. It warned that the only way for the companies to avoid such liabilities would be to “refrain from investing and offering the services in Hong Kong.”

Lobbying report

Former congressman Lee Terry (R-Neb.) registered to lobby for Chinese telecom giant Huawei effective June 1. He plans to lobby on telecom and infrastructure issues for the company, which is facing heat in Washington, according to a filing.

Stephen Binhak, a former prosecutor on the team that investigated President Bill Clinton over Whitewater, also registered to lobby for Huawei. Binhak plans to lobby on issues including foreign investment, export controls and sanctions, according to a filing that was effective July 1.

Chat room

It has been…a week. And it’s only Wednesday. Red Canary’s Katie Nickels:

There’s no such thing as a slow week in cybersecurity news. Politico’s Sam Sabin and the Hill’s Maggie Miller:

Securing the ballot

OAN star pimped her election lies fundraiser dozens of times on air (The Daily Beast)

Government scan

How Does The Secret Service Track Fugitives? One Romance Scammer Hunt Started With A Simple Text (Forbes)

Encryption wars

Encrypted chat data leads to major drug raids in Germany (NBC News)

Daybook

  • Carnegie Mellon University’s Center for Informed Democracy and Social-cybersecurity kicks off its two-day annual conference on July 12.
  • Defending Digital Campaigns hosts a cybersecurity training event for Oregon campaign and election officials on July 13 at 2 p.m.

Secure log off
