Despite public statements that U.S. talks with Russia are pressing forward on cyber attacks, some of President Joe Biden’s own aides are skeptical that President Vladimir Putin will act to rein in cyber criminals based there. “He’s not going to,” says one Biden Administration official, speaking about Putin taking steps to crack down on hacks originating in Russia and on Russian networks. The official says several members of Biden’s team are doubtful. Without Putin intervening, “the criminal groups will keep doing what they’re doing,” the official says. “He’s wreaking havoc.”
When the two leaders met in Geneva in June, Biden asked Putin to help crack down on criminal hackers working in Russia who have been targeting American institutions and businesses. Less than a month later, Russian hackers allegedly broke into computers used by a contractor for the Republican National Committee, and a Russian cyber criminal network activated another massive international ransomware attack that targeted an estimated 1,500 businesses, some in the U.S.
U.S. intelligence officials have watched ransomware attacks escalate in scale and sophistication as relations between Washington and Moscow grew increasingly strained in recent years. Russia’s invasion of Ukraine, Putin’s meddling in U.S. elections, the Congressional investigation into links between President Donald Trump’s campaign and the Kremlin, and Trump’s unpredictable public statements about Russia put the countries on adversarial footing, preventing high-level discussions to outline rules of the road and clear consequences for aggressive hacking.
When Biden met Putin on June 16, the American President tried to change that. The leaders agreed to set up meetings between senior cyber security experts in their governments. In multiple meetings since, the White House has told Russian officials that the U.S. expects Russia to shut down criminal groups launching ransomware attacks from inside Russia or using Russian networks, according to a White House official. A meeting between the two countries on ransomware attacks specifically is scheduled for next week.
Since the fresh attacks, pressure has been mounting on Biden to push Putin to intervene against Russian criminal hackers and, in some cases, his own security forces, to get them to tamp down the attacks. The White House has publicly brushed all that aside for now, emphasizing that talks with Moscow are continuing and need time to show results. Biden himself is not frustrated with Russia’s slow response, White House Press Secretary Jen Psaki said in response to a question from TIME on July 6. “The meeting with the Russian President was just a couple of weeks ago. We’ve had ongoing meetings at an expert level pretty much since that point in time,” said Psaki.
Even if some administration officials doubt the talks will be fruitful, there’s a genuine benefit to an open line of communication, says Philip Reiner, the head of the Institute for Security and Technology and a former White House national security official under President Barack Obama. “The fact that they’re even talking is actually a very positive thing,” says Reiner. Russian officials “do have a history of slow rolling these things and so hopefully this time it bears out differently,” he says.
If Russia doesn’t follow through on reining in the hacks operating in its borders, the Biden Administration has various levers to pull, including additional economic sanctions and offensive hacks that can hobble the networks the hackers are using. “It starts with the question of, ‘Does Vladimir Putin want to be seen and have his country be seen as part of the legitimate international system?’” Reiner says.
In the meantime, U.S. officials at the FBI, Department of Justice and Department of Homeland Security have been scrambling to shore up massive vulnerabilities in the computer systems of U.S. businesses and government contractors. Cybersecurity company Emsisoft found at least 2,354 U.S.-based governments, healthcare facilities, and schools were victims of ransomware in 2020, with payments totaling more than $900 million.
The Department of Justice has been working to expand its ability to seize Bitcoin and other cryptocurrencies used to pay off criminal hackers in exchange for unlocking hijacked computer systems. In June, Justice officials said they were able to seize $2.3 million in Bitcoin paid as ransom to hackers behind the Colonial Pipeline hack that caused fuel disruptions and a run on gasoline along the East Coast in May. U.S. intelligence agencies have also been weighing cyber operations that could disrupt and disable criminal outfits from launching the attacks, particularly those based in Russia or using Russian internet infrastructure for their operations.
U.S. officials are still waiting to see if the June summit and subsequent talks lead to any decrease in attacks on critical infrastructure, such as pipelines, healthcare facilities, food processing plants and other parts of the U.S. economy, where a shutdown would be debilitating. When they met in Geneva, Biden gave Putin a list of 16 sectors the U.S. considers off limits. The government has also formed a group with energy companies called the Cybersecurity Industrial Control Systems Initiative to better protect the energy grid, and plans to expand that pilot program to water systems, the chemical industry and pipelines in the coming months.
One of the challenges of tracking the breadth of ransomware attacks in the U.S. is that U.S. companies are not required to report cyber incursions—and many don’t. The FBI runs the Internet Crime Complaint Center, known as IC3, but participation in that reporting process is voluntary. Officials believe that many ransomware hacks go unreported because companies are concerned about public criticism, loss of business or civil lawsuits.
Biden Administration officials are trying to convince American companies to better protect their own computer systems. After the Colonial hack, Biden issued an executive order requiring companies that do business with the federal government to adhere to a series of security conditions to prevent hacks, requirements the White House hopes will be adopted by companies across sectors.
In early June, Anne Neuberger, a senior White House advisor on cyber security, told U.S. businesses to see ransomware as a threat to their basic ability to operate. She said businesses should immediately adopt multi-factor authentication for accessing networks, work to detect intrusions, encrypt stored data so it can’t be used even if it is stolen, and take other steps. She has since warned that local governments are at risk, too. On July 6, Neuberger met virtually with a large group of U.S. mayors to sound the alarm on the vulnerabilities ransomware hackers present to U.S. cities and to describe several steps to protect their networks.
When it comes to ransoms demanded by hackers that have locked up computer systems, the Biden Administration’s advice to companies is not to pay them. In the July 6 press conference, Psaki said that the U.S. “ransomware policy continues to be the same as it has been for several months, which is that we do not advise—we advise against, in fact—companies paying ransomware given it incentivizes bad actors to repeat this behavior.”