Amidst a flurry of news media and cyber expert reports alleging a ransomware attack that affected somewhere between 40 and “thousands” of companies, President Biden has ordered the intelligence community to figure out what happened. While at a cherry festival in Traverse, Michigan yesterday, Biden answered questions about the reports, which are posted to the White House website:
“We’re not sure if it’s the Russians…. I got a brief … as I was on the plane….
I’ll tell you what they sent me…. First of all, we’re not sure who it is for certain, number one. And what I did, I directed the full resources of the government to assist in the response if we determine…. And the fact is that I directed the intelligence community to give me a deep dive on what’s happened, and I’ll know better tomorrow. And if it is, either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond.…” A reporter interrupted, asking, if he had already told Putin, to which Biden replied: No. No. I haven’t called because we’re not certain. And the initial thinking was it was not the Russian government, but we’re not sure yet.”
Media reports indicate a many-pronged attack. It is reported that the Swedish grocery chain, Coop, with 800 stores, was unable to open most locations because their cash registers were disabled. The Swedish state railway and a pharmacy chain also reported difficulties. Unnamed cyber security experts are reported to have named the “Russian speaking” “REvil gang” as the perpetrators. REvil is alleged to have attacked a software service firm, Kaseya. Kaseya’s CEO Fred Voccola has announced that they have identified the problem and will send out a patch to clients. The security expert, John Hammond of Huntress Labs is reported to have said that many “managed service” companies were attacked. Various other opinions of security experts have been reported. So far, there are no reports of any law enforcement measures being taken against an identified perpetrator. Only scattered details, generally sourced to “experts,” not necessarily with direct knowledge of the attacks, have been reported. Although reports were issued internationally about this attack on July 3, there are few media reports concerning it today.