Biden Weighs a Response to Ransomware Attacks

The president summoned his top cybersecurity advisers to consider immediate action to disrupt Russian incursions.

By David E. Sanger and Nicole Perlroth

President Biden emerged from a Situation Room meeting with his top cybersecurity advisers on Wednesday to declare that he “will deliver” a response to President Vladimir V. Putin of Russia for the wave of ransomware attacks hitting American companies, after hearing a series of options about how he could disrupt the extortion efforts.

Mr. Biden’s vague statement, delivered as he was departing for a trip, left it unclear whether he was planning another verbal warning to Mr. Putin — similar to the one he issued three weeks ago during a one-on-one summit in Geneva — or would move ahead with more aggressive options to dismantle the infrastructure used by Russian-language criminal groups.

Each option runs significant risk, because Russia is capable of escalating its own behavior. And as the ransomware deluge has shown, many companies in the private sector and federal and state government agencies remain rife with vulnerabilities that Russian actors can find and exploit.

After more than three decades in government, Mr. Biden seems comparatively less concerned about hacking operations focused on espionage, activity that all countries conduct and that the United States carries out every day against its geopolitical rivals. But he has been alarmed by the economic disruption of ransomware, especially since gasoline, jet fuel and diesel shortages gripped the East Coast after a ransomware attack on Colonial Pipeline two months ago.

Attacks using ransomware, a form of malware that encrypts data until the victim pays, have grown increasingly disruptive and costly.

The White House’s argument is that the attacks are emanating from Russian territory, so it is Mr. Putin’s responsibility to take them down — and that the United States will act if he does not.

Mr. Biden’s aides provided few details of the Wednesday morning meeting, which included key leaders from the State Department, the Justice Department and the Department of Homeland Security, and other members of the intelligence community. But they said it focused on immediate options — not the longer-term policy for dealing with ransomware that is expected in the coming weeks.

Source: Read Full Article