A ransomware attack on software vendor Kaseya may have compromised hundreds of companies and raises new questions about relations between the United States and Russia.
Security experts blame REvil, a cybercrime organization linked to the Russian government, for the July 2 attack on Kaseya’s VSA network monitoring and management software. Thousands of small and medium-sized businesses use the software package, and up to 1,500 businesses were affected by the attack, the company said on July 5. The company has been issuing frequent updates in its efforts to contain the attack.
The attackers were demanding a $70 million ransom to unlock all the affected computers.
President Joe Biden has recently threatened to respond to cyberattacks tied to the Russian government, but he’s so far declined to link the Kaseya attack to actors there. However, if the Russian government was involved or had knowledge of the attack, the U.S. will respond, he told reporters on July 3.
White House press secretary Jen Psaki repeated U.S. threats during a press briefing on July 6. “If the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own,” she said.
While Biden suggested that critical infrastructure wasn’t affected in the attack, several cybersecurity experts said the Kaseya attack could escalate tensions between the U.S. and Russia.
“Many of these attacks are being attributed to ransomware gangs that are housed in the Russian Federation,” said Chase Cunningham, chief strategy officer at cybersecurity vendor Ericom. “It is logical to think that some elements of the Russian intelligence apparatus are at least aware of these types of operations.”
The timing of the attack over the July 4 holiday weekend suggests that the attackers were engaging in “good cyber tradecraft,” Cunningham told the Washington Examiner.
The internet has become a new domain for warfare, in addition to traditional areas, such as land and sea, added Carl Herberger, vice president for security services at cybersecurity vendor CyberSheath. “Those countries being found responsible for attacks on sovereign U.S. citizens, companies, or interests should be dealt with in the same way we deal with altercations on the other domains of geopolitics,” he told the Washington Examiner. “The day has come to hold warring parties responsible for their asymmetric efforts.”
Other cybersecurity experts questioned whether this attack would prompt significant changes in U.S.-Russia relations. The Biden administration is talking tough, but so far, it hasn’t been willing to follow through, said Richard Blech, CEO of encryption vendor XSOC Corp.
“There should be strong implications, but it appears so far that this administration is not going to play a strong hand with Russia,” he told the Washington Examiner. “The White House seems to only shake a stick and does not really take the necessary corrective actions that this government can and is fully capable of doing to equalize the playing field.”
Still, it will be difficult for the Biden administration to link the attacks to the Russian government, even if that’s what happened, other security experts said.
“Russia is known for using cutouts or proxies to carry out attacks,” said David Grantham, an intelligence consultant and author. “And the greatest struggle will be assigning attribution to the Russian government because few, if any, ever want to lay full responsibility at the feet of a near-peer adversary, lest it triggers a kinetic war.”
If the Biden administration assigns attribution to the Russian government, that would suggest that the government there is a viable target for a response, triggering Russian action, he told the Washington Examiner.
“Attribution remains the most important geopolitical angle,” he added. “We are, you could say, in a cyber cold war where battles are fought, by and large, through proxies and where governments can deny culpability. No countries want to trigger a massive war, but they do want to get as close to that line as possible to hurt their adversaries.”
Original Author: Grant Gross
Original Location: Another ransomware attack could escalate US-Russia tensions