WASHINGTON — Three weeks after he warned President Vladimir Putin to crack down on criminal hackers striking the U.S. from inside Russia, President Joe Biden is under pressure to respond to the claim of responsibility by a Russia-based hacking group for what is being called the largest ransomware attack in history.
White House officials had said that they never believed Biden's demand to Putin would have immediate effect, and that they would give it six months to determine whether cyberattacks from inside Russia had tapered off. But a massive ransomware attack on Friday, apparently from inside Russia, has scrambled that calculus.
The attack, which private researchers say was carried out by REvil, a group of Russian-speaking hackers believed to operate inside that country, struck hundreds of American companies and more than a thousand in as many as 30 countries, experts say.
REvil has demanded $70 million to unlock the companies' data, after a cyberattack that experts say was particularly devious, spreading malware by co-opting the software of trusted information technology firms in a method previously used largely by government intelligence agencies.
Over the weekend, before REvil took responsibility, Biden said his intelligence agencies were not yet certain the attack came from inside Russia. If that proves to be true, he said, "I told Putin we would respond."
Biden said he would know more Sunday, but no statement was forthcoming Sunday or Monday.
Biden told reporters on Tuesday the attack “appears to have caused minimal damage to U.S. businesses but we're still gathering information…I’m going to have more to say about this in the next several days.”
In a face to face meeting with Putin in Geneva in June, Biden told Putin he would take action if Russia continued to allow cyber criminals to operate with impunity in Russia, officials have said.
White House spokeswoman Jen Psaki said during a daily press briefing that the U.S. government had not yet determined whether the attack came from inside Russia.
She said talks with Moscow over cyber issues were continuing, and that Biden would meet with top advisers Wednesday to discuss the growing problem of ransomware.
"The president will convene key leaders across the interagency including the State Department, Department of Justice, DHS and other members of the intelligence community, to discuss ransomware, and our overall strategic efforts to counter it," she said.
"What he had asked the team to do several weeks ago was to review and assess what our options are and how we can better again put in place partnerships with the private sector, best practices, what levers we have from the federal government, including disruption of ransomware infrastructure and actors."
"What President Biden can and, I expect, will do, is demand Russia live up to its obligations and prevent its territory from being used for these criminal acts," Sen. Mark Warner, D.-Va., the chairman of the Senate Intelligence Committee, said in a statement to NBC News. "If Putin wants Russia to be a productive member of the international community, he could certainly arrest and try these criminals in Russia, or hand them over to stand trial elsewhere."
Warner pointed out that an international agreement to which Russia is a party stipulates that states will not allow their territories to be used by cyber criminals.
"This is the time when President Biden needs to pick up the phone and call Vladimir Putin and tell them enough is enough," said cybersecurity expert Dmitri Alperovitch, chairman of the Silverado Policy Accelerator.
It's clear, he said, that Biden's warning to Putin "has not yet had impact."
"We don't know if that's because the message was not received, President Putin decided to ignore it. Or maybe he just didn't feel like this shouldn't be a top priority issue." Alperovitch said. "Maybe he thought that this would be handled over time and negotiations. But we don't have time here. We need to act. Now. We need to demand that these individuals responsible for this particular hack get arrested, the key gets turned over to the businesses that need to decrypt their data."
Previously, White House officials have downplayed expectations about the warning.
"We didn't set the measure at some verbal commitment from Vladimir Putin that Russian criminals would stop hacking," national security adviser Jake Sullivan said on June 18. "We set the measure at whether over the next 6 to 12 months, attacks against our critical infrastructure actually decline coming out of Russia."
The latest cyberattack coincided with a new national security strategy published Saturday by the Kremlin that strikes a confrontational tone regarding the U.S. and the West, according to published translations.
The 44-page document says growing pressure from Western countries poses a danger to Russian society, according to the German news agency Deutsche Welle.
"The 'Westernization' of culture increases the danger that the Russian Federation will lose its cultural sovereignty," the new strategy says.
The document adds that Russian "traditional spiritual-moral and cultural-historical values are under active attack from the U.S. and its allies," and that Russia "considers it legitimate to take symmetrical and asymmetric measures'' to prevent "unfriendly actions" by foreign states.
Asymmetrical action has included tolerating cyber crime against the West from inside Russia, experts say.
"Traditionally, these criminals have operated with impunity in Russia by and large, as long as they don't target Russian businesses," Alperovitch said. "The Russian law enforcement agencies have either left them alone or, worse, recruited them to work for the state as part of their intelligence apparatus to continue attacks on the West. So at a minimum, they're getting protection, and that needs to stop."