U.S. and Russian officials will meet next week on ransomware – White House

By Raphael Satter and Andrea Shalal

WASHINGTON (Reuters) -Ransomware attacks on U.S. businesses, such as the latest one centered on Florida IT firm Kaseya, will be discussed at a meeting of senior U.S. and Russian officials next week, the White House said on Tuesday.

“We expect to have a meeting next week focused on ransomware attacks,” spokeswoman Jen Psaki told reporters.

The ransomware attack on Friday scrambled the data of hundreds of small businesses worldwide, including many in the United States. Kaseya said in a statement on Tuesday they were never a threat to critical U.S. infrastructure, however.

The cyberattack was the latest in a series of intrusions from hackers who have made a lucrative business out of holding organizations’ data hostage in return for digital currency payments.

Although cybercrimes have been going on for years, the attacks have escalated dramatically recently, and an intrusion at Colonial Pipeline in May snarled U.S. gasoline supplies up and down the East Coast.

Psaki said Biden would meet with officials from the Justice Department, State Department, the Department of Homeland Security and the intelligence community on Wednesday to discuss ransomware and U.S. efforts to counter it.

The hack that struck Kaseya’s clients – many of whom are back office IT shops commonly referred to as managed service providers – did not have the same kind of impact in the United States as the ransoming of Colonial Pipeline.

Disruption elsewhere was more severe.

In Sweden, many of the 800 grocery stores run by the Coop chain are still in the process of recovering from the attack, which knocked out most of its supermarkets, though a spokesman told Reuters “we have more open stores than closed ones now.”

In New Zealand, 11 schools and several kindergartens were affected.

Germany’s cybersecurity watchdog, BSI, said on Tuesday that it was aware of three IT service providers in Germany that have been affected, with a spokesperson estimating that several hundred companies were touched overall.

“In Germany there are no cases as prominent as the one in Sweden,” the spokesperson added.

The hackers who claimed responsibility for the breach have demanded $70 million to restore all the affected businesses’ data, although they have indicated a willingness to temper their demands in private conversations with a cybersecurity expert and with Reuters.

(Reporting by Raphael Satter; Douglas Busvine in Frankfurt and Johan Ahlander in Stockholm also contributed reporting. Editing by Kirsten Donovan, Alistair Bell and Sonya Hepinstall)

Putin calls U.S. ransomware allegations an attempt to stir pre-summit trouble

MOSCOW (Reuters) – President Vladimir Putin said on Friday that suggestions the Russian state was linked to high profile ransomware attacks in the United States were absurd and an attempt to stir trouble ahead of his summit this month with U.S. President Joe Biden.

A hack of Brazilian meatpacker JBS’s facilities in the United States, reported this week, is the third such ransomware hack in the country since Biden took office in January.

JBS told the White House it originated from a criminal organization likely based in Russia.

The White House said on Wednesday that Biden, who is due to hold talks with Putin in Geneva on June 16, was expected to discuss the hacking attacks with the Russian leader to see what Moscow could do to prevent such cyber assaults.

U.S. officials have spoken of criminal gangs based in eastern Europe or Russia as the probable culprits. But Kremlin critics have pointed the finger at the Russian state itself, saying it must have had knowledge of the attacks and possibly even be directing them.

Putin, speaking on the sidelines of the St Petersburg Economic Forum, told Russia’s state TV Channel One that the idea of Russian state involvement was absurd.

“It’s just nonsense, it’s funny,” said Putin. “It’s absurd to accuse Russia of this.”

He said he was encouraged however, by what he said were efforts by some people in the United States to question the substance of such allegations and try to work out what is really going on.

“Thank goodness there are people with common sense who are asking (themselves) this question and are putting the question to those who are trying to provoke a new conflict before our meeting with Biden,” said Putin.

Praising Biden as an experienced politician, Putin said he expected the Geneva summit to be held in a positive atmosphere, but did not anticipate any breakthroughs.

The meeting would be more about trying to chart a path to restore battered U.S.-Russia ties which are strained by everything from Russia’s jailing of Kremlin critic Alexei Navalny to Ukraine to Syria, he said.

Earlier on Friday, Putin told the same economic forum that the United States was openly trying to hold back Russia’s development and accused Washington of wielding the dollar as a tool of economic and political competition.

“We have no disagreement with the United States. They only have one point of disagreement – they want to hold back our development, they talk about this publicly,” Putin told the forum.

“Everything else stems from this position,” he said.

Putin also questioned what he said was the harsh way U.S. authorities had dealt with some people detained during the storming of the Capitol in January by supporters of Donald Trump.

(Reporting by Maria Tsvetkova and Tom Balmforth; editing by Andrew Osborn)

White House warns companies to step up cybersecurity

By Doina Chiacu

WASHINGTON (Reuters) – The White House warned corporate executives and business leaders on Thursday to step up security measures to protect against ransomware attacks after intrusions disrupted operations at a meatpacking company and a southeastern oil pipeline.

There has been a significant hike in the frequency and size of ransomware attacks, Anne Neuberger, cybersecurity adviser at the National Security Council, said in a letter.

“The threats are serious and they are increasing. We urge you to take these critical steps to protect your organizations and the American public,” she added.

The recent cyberattacks have forced companies to see ransomware as a threat to core business operations and not just data theft, as ransomware attacks have shifted from stealing to disrupting operations, she said.

Strengthening the country’s resilience to cyberattacks was one of President Joe Biden’s top priorities, she added.

“The private sector also has a critical responsibility to protect against these threats. All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” Neuberger wrote.

The letter came after a major meatpacker resumed U.S. operations on Wednesday following a ransomware attack that disrupted meat production in North America and Australia.

A Russia-linked hacking group that goes by the name of REvil and Sodinokibi was behind the cyberattack against JBS SA, a source familiar with the matter told Reuters.

The cyberattack followed one last month by a group with ties to Russia on Colonial Pipeline, the largest fuel pipeline in the United States, which crippled fuel delivery for several days in the U.S. Southeast.

Biden believes Russian President Vladimir Putin has a role to play in preventing these attacks and planned to bring up the issue during their summit this month, White House press secretary Jen Psaki said on Wednesday.

Neuberger’s letter outlined immediate steps companies can take to protect themselves from ransomware attacks, which can have ripple effects far beyond the company and its customers.

Those include best practices such as multifactor authentication, endpoint detection and response, encryption and a skilled security team. Companies should back up data and regularly test systems, as well as update and patch systems promptly.

Neuberger advised that companies test incident response plans and use a third party to test the security team’s work.

She said it was critical that corporate business functions and production operations be run on separate networks.

(Reporting by Doina Chiacu; Editing by David Holmes and Steve Orlofsky)