| 22 May 2024, Wednesday |

Details of ‘Biggest Global Ransomware Attack on Record’ Revealed

On Saturday, US President Joe Biden said there is no confidence in Washington about whether the Russian government is involved in a recent sophisticated ransomware attack.

Thousands of victims in about 17 countries have been affected by “the single biggest global ransomware attack on record”, Politico has reported, accusing the hacker group REvil of being involved in the breach.

The US news outlet cited cybersecurity firm Sophos as saying that “a broad array of businesses and public agencies” were damaged by Friday’s attack, “apparently on all continents, including in financial services, travel and leisure, and the public sector”.

The ransomware breach rode roughshod over most of the Swedish grocery chain Coop’s 800 stores, as well as the country’s pharmacy and gas station chains, plus the state railway and the public broadcaster SVT, according to Politico.

Also affected were several thousand customers of a German IT services company and two such firms in the Netherlands, VelzArt and Hoppenbrouwer Techniek.

Ross McKerchar, chief information security officer at Sophos, for his part, told Politico that “we haven’t seen evidence of data theft, but it’s still early on and only time will tell if the attackers resort to playing this card in an effort to get victims to pay”.

Fred Voccola, CEO of the breached software company Kaseya, claimed that Friday’s attack affected mostly small businesses like “dental practices, architecture firms, plastic surgery centers, libraries, things like that”.

Voccola additionally referred to what he described as an “extraordinary level of sophistication” pertaining to the attack launched by a REvil affiliate with supposed ties to Russian hackers, according to Politico.

The report followed US President Joe Biden saying that “the initial thinking was it [the attack] was not [endorsed by] the Russian government, but we’re not sure yet”. POTUS ordered the “full resources of the federal government” to investigate the incident as the FBI released a statement, saying it is looking into the circumstances of the incident in coordination with both Kaseya and the Cybersecurity and Infrastructure Security Agency (CISA).

The remarks came after the Russian Embassy in the US “strictly” denied any Russian involvement in attacks “on government and private facilities in the United States and abroad”.

“We emphasize that fighting against cybercrime is an inherent priority for Russia and an integral part of its state policy to combat all forms of crime. A wide range of law enforcement instruments is used for its implementation”, the embassy wrote on its Facebook page.

The Russian diplomats also expressed hope that “the American side will abandon the practice of unfounded accusations and focus on professional work with Russian experts to strengthen international information security, and in this context, joint efforts to combat cybercrime”.

The comments were preceded by a joint report by the US National Security Agency (NSA), CISA, the Federal Bureau of Investigation (FBI), and the UK’s National Cyber Security Centre (NCSC) that was published earlier in the week.

In the report, the intelligence agencies argued that Russia’s military intelligence service, the GRU, has been carrying out a “global brute force campaign”, allegedly targeting “enterprise and cloud environments”. The document, however, elaborated more on techniques and methods supposedly used by the GRU rather than providing evidence to support the claims.

In late December 2020, CISA said that hackers, who used corrupted SolarWinds software to install malicious programs, were “impacting enterprise networks across federal, state, and local governments, as well as critical infrastructure entities and other private sector organizations” in the country.

Early accusations quickly ran to Russia, with then-US Secretary of State Mike Pompeo claiming that Russia was “pretty clearly” responsible and then-US President-elect Joe Biden saying that his forthcoming administration would consider sanctioning Moscow as punishment.

In response, Kremlin spokesperson Dmitry Peskov stressed that Russia had played no part in the hacking operations and that the accusations were “unfounded” and the result of “blind Russophobia”.

Western countries have spent years accusing Moscow of carrying out an array of hack attacks targeting everything from government servers and businesses to power grids and even election-related infrastructure. Russian officials have repeatedly asked for but never received concrete evidence to corroborate such allegations.

  • Sputnik