The White House has for the third time asked Russia to collaborate in the arrest of cybercriminals who multiply the attacks of scale. But this time, the declaration takes on the appearance of an ultimatum.
Colonial Pipeline in May, JBS in June, Kaseya in July. For the third consecutive month, a large-scale ransomware attack has reached the top of the US executive. And for the third time in a row, the White House is publicly calling on Russia to collaborate in the arrest of cybercriminals operating from within its borders. President Joe Biden even spoke on the phone with his Russian counterpart Vladimir Putin on the issue.
” President Biden stressed the need for Russia to take action to stop the activity of ransomware groups operating in Russia », Reports the White House press release, published on July 9. If clearer communication between the two leaders has finally been established recently, the tone of the statements continues to harden. This time, Biden recalled that “ the United States will take any action necessary to defend its people and critical infrastructure “.
Words for now without action
Four days before these statements, the Biden administration was already speaking on the outcome of the Kaseya affair, through the spokesperson for spokesperson Jen Psaki. She announced that the United States would take action against the gangs behind the attacks ” if the Russian government cannot or does not “. In other words, it threatened Russia with American intervention on their territory.
In the sights of the authorities is REvil, one of the most dangerous and noisy gangs in the business. In quick succession, the group ransomed agribusiness giant JBS – which allegedly paid $ 11 million – then software publisher Kaseya from whom it demanded $ 70 million before reducing that amount to $ 50 million. , without the victim giving in.
This latest attack triggered a domino effect, which allowed the ransomware to spread to over a thousand organizations, and even according to REvil on ” over a million systems “. Cybercriminals have exploited a flaw in the Kaseya VSA software that allows fleets of computer systems to be controlled remotely. If they only touched a few dozen victims, each of these victims used the software to manage the network of several dozen, if not hundreds of clients, as many organizations affected by the ransomware.
The dismantling of Darkside as a ray of hope
With these repeated statements, Joe Biden, supported by his G7 allies, attacks a historic position of Russia: as long as cybercriminals do not target organizations in the country or those in his area of influence, local authorities will target them. will leave alone. And it must be said that the chaos caused by cyber attacks plays into the hands of Russian diplomacy: the weaker the others, the stronger it will be in comparison. As a result, many malware has been coded for several years to recognize and spare Russian systems.
The dismantling of the Darkside gang following the Colonial Pipeline affair raised hopes for a paradigm shift. But despite real advances in communication on the subject of cyberattacks, concrete collaboration still seems far away. On the one hand, Russia seems open to joint investigations. On the other hand, it launches its own large-scale cyber attacks against the US government, such as the SolarWinds affair.
But is this enough to push the United States to create a new diplomatic crisis by intervening on its territory?