U.S. President Joe Biden speaks before signing an executive order in the State Dining Room of the White House in Washington, D.C., U.S., on Friday, July 9, 2021.
Alex Edelman | Bloomberg | Getty Images
“I made it very clear to [Putin] that the United States expects, when a ransomware operation is coming from their soil even though it’s not, not, sponsored by the state, that we expect them to act if we give them enough information to act on who that is,” Biden said Friday afternoon at the White House.
Asked by a reporter whether there would be “consequences” for such attacks, Biden replied, “Yes.”
The U.S. and Russia, the president said, have established a “means of communications now, on a regular basis, to be able to communicate with one another when each of us thinks something’s happening in another country that affects the home country.”
Overall, the call “went well, I’m optimistic,” said Biden.
The conversation came just days after a massive new cyberattack by the group REvil, believed to be based in Russia.
The hacker gang is demanding $70 million in cryptocurrency to unlock data from the attack, which spread to hundreds of small and medium-sized businesses across a dozen countries.
A senior administration official said Friday that the United States will “take action” to respond to the attack.
“We’re not going to telegraph what those actions will be, precisely. Some will be manifest and visible, some of them may not be, but we expect those to take place in the days and weeks ahead,” said the official, who requested anonymity in order to discuss sensitive negotiations.
The official spoke just moments after Biden, boarding Air Force One en route to Delaware, was asked whether it makes sense for the United States to attack the actual servers from which ransomware attacks originate. Biden replied, “Yes.”
The latest REvil attack is part of a string of serious ransomware attacks that have been carried out this spring and summer by groups originating in Russia.
In May, REvil targeted JBS, the world’s largest meat supplier. The company ultimately paid $11 million in ransom, but not before it briefly shut down its entire U.S. operation.
Earlier that same month, a different cyber criminal group targeted the operator of the nation’s largest gas pipeline, Colonial Pipeline. The attack forced the company to shut down approximately 5,500 miles of pipeline, leading to a disruption of nearly half of the East Coast’s fuel supply.
As of early Friday afternoon, the Kremlin had not yet released its own readout of the Biden-Putin call, so it’s unclear exactly how the Russian president responded to Biden’s pressure.
White House press secretary Jen Psaki told reporters Friday that the United States had no new information to suggest that the Russian government was directly responsible for the attacks.
Putin has consistently denied any involvement or direct knowledge of ransomware attacks originating in Russia.
But U.S. officials say the idea that Putin is unaware of who these attackers are isn’t credible, given the tight grip he maintains over Russia’s intelligence services and its murkier, off-the-books network of contractors.
In June, Biden met with Putin in person in Geneva, where he warned the Russian president to crack down on cyberattacks originating in Russia.
U.S. President Joe Biden gestures as he holds a news conference after the U.S.-Russia summit with Russia’s President Vladimir Putin, in Geneva, Switzerland, June 16, 2021.
Kevin Lamarque | Reuters
There, Biden said he presented Putin with a list of critical infrastructure in the United States that, were it to be attacked by Russian based cyber criminals, would constitute a serious national security threat to the U.S.
“Certain critical infrastructures should be off-limits to attack, period, by cyber or any other means,” said Biden following the meeting. “I gave them a list, 16 specific entities defined as critical infrastructure under U.S. policy, from the energy sector to water systems.”
“So we agreed to task experts in both our countries to work on specific understandings about what’s off-limits and to follow up on specific cases that originate in other countries and in either of our countries,” he said.
By identifying critical infrastructure as off-limits, Biden was also drawing a circle around targets that, should they be attacked by state or nonstate actors, would likely merit a governmental response.
The White House has so far declined to detail what retaliatory action the United States is taking or has taken against the cyber criminals themselves in several recent attacks, citing the need for such information to remain classified.
During the call Friday, Putin and Biden also commended each other for the joint work their teams undertook following the meeting in Geneva, the White House said.
That work led to an important U.N. Security Council vote Friday to resume the delivery of humanitarian aid into Syria.
4:00 P.M. — This story has been updated to include President Joe Biden’s comments on the call, as well as remarks by a senior administration official.
— CNBC’s Kevin Breuninger contributed to this report.