WASHINGTON — President Joe Biden told Russian President Vladimir Putin in a Friday phone call that he must “take action” against cybercriminals acting in his country and that the U.S. reserves the right to “defend its people and its critical infrastructure,” the White House said.
The conversation came less than a month after the two leaders met in Geneva, when Biden warned against continuing cyberattacks emanating from Russia. A new ransomware attack linked to the REvil hacking group based in Russia caused widespread disruption last weekend, affecting as many as 1,500 businesses.
“I made it very clear to him that the United States expects, when a ransomware operation is coming from his soil even though it was not, not sponsored by the state, we expect him to act,” Biden said, speaking to reporters at an event on economic competitiveness. Asked whether there will be consequences, he said, “Yes.”
The White House said in an earlier statement that Biden “underscored the need for Russia to take action to disrupt ransomware groups operating in Russia” and “reiterated that the United States will take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge.”
Biden also “emphasized that he is committed to continued engagement on the broader threat posed by ransomware,” the White House said. Biden told reporters that the U.S. and Russia have set up a means of communicating for when either country sees something happening. “It went well, I’m optimistic,” he said.
Friday’s call underscored the extent to which the ransomware threat from criminal hacker gangs has mushroomed into an urgent national security challenge for the White House, and it suggested a possible concession by the administration that earlier warnings to Putin had failed to curb a criminal activity that has taken aim at businesses across the globe.
The White House statement announcing the hourlong call with Putin highlighted a U.S.-Russian agreement that will allow humanitarian aid to flow into Syria. The dual prongs of the agenda show how even as Biden pledges to get tough on Russia over hacking, there’s an inherent desire to avoid aggravating tensions as the administration looks for Russia to cooperate, or at least not interfere, with U.S. actions in other areas, including Syria, the Afghanistan withdrawal and climate change.
The White House declined to discuss the tone of Biden’s call, though press secretary Jen Psaki said it did focus significantly on the latest breach, which cybersecurity researchers have said infected victims in at least 17 countries, largely through firms that remotely manage IT infrastructure for multiple customers.
Though Biden had previously said the attack had caused “minimal damage,” and it did not appear to target vital infrastructure, the sheer global scale and the fact that it occurred so soon after the Geneva meeting put immediate pressure on the administration to have some sort of response.
Officials did not immediately announce any specific actions they were taking or would consider taking. There are few easy options to resolve the threat without risking a conflict that could spiral out of control beyond the cybersecurity realm.
