Did you ever think ransomware would be the hottest topic at a White House press conference? It happened this week.
Sure, White House Press Secretary Jen Psaki updated reporters on things like the economy and COVID-19 vaccination numbers—to a collective yawn from the Washington press corps.
What they really want to talk about right now is ransomware. In particular, the Kaseya ransomware attack over the July Fourth weekend which has been attributed to the Russia-based REvil cybercrime group.
What is the mainstream media thinking right now about this topic? Reporters' questions offer us clues. Here is the transcript where reporters asked questions and follow-up questions about Russia and ransomware.
Q: Have you had any communication at all with Russia about this attack? And I'm—I want to ask a few more questions. But President Putin and President Biden met and discussed cybersecurity. Were you under the impression that Putin would do more to prevent these kind of attacks?
Psaki: So, first, let me say—let me give you a little bit of an update. Since the meeting between President Biden and President Putin, we have undertaken expert-level talks that are continuing, and we expect to have another meeting next week focused on ransomware attacks.
And I will just reiterate a message that these officials are sending. As the President made clear to President Putin when they met, if the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own.
Now, in this case, you know, their—the intelligence community has not yet attributed the attack. The cybersecurity community agrees that REvil operates out of Russia with affiliates around the world, so we will continue to allow that assessment to continue. But in our conversations—and we have been in touch directly—we are continuing to convey that message clearly.
Q: So you've been in touch directly with—at what level of government have you been in touch with Russia on this specific issue?
And then, on the ransomware, the FBI has basically told companies not to pay ransomware. Are you aware whether, in this particular case, the ransom of $70 million has been paid? And what advice are you giving to the company?
And, earlier today, the CEO said that the—you know, that critical infrastructure was never at risk. Is that—do you share that assessment?
Psaki: Sure. Well, let me try to take each of your questions, and you can tell me if I missed one.
On ransomware, our—well, what was your first question so I can go in the order?
Q: What level—where have you been in touch? Who have you been—
Psaki: A high level of our national security team has been in touch with a high level of Russian officials.
On your second question—repeat it again now.
Q: Ransomware being paid, has been paid.
Psaki: Our ransomware policy continues to be the same as it has been for several months, which is that we do not advise—we advise against, in fact—companies paying ransomware given it incentivizes bad actors to repeat this behavior. In terms of whether the company has paid ransom, I would refer you to the company.
And in terms of assessments of the impact, we certainly would—we saw the company put out an extensive statement today about what the impacts were on our systems, and we certainly defer to them on the impacts.
And then when Psaki gave reporters an update on something else, ransomware just kept popping up in the questions:
Q: Just one quick follow-up on ransomware, and then two other quick ones. From a response perspective, if this is attributed to REvil and they decide that it's based in Russia, is the President's view that the response will be proportional to just taking that actor offline or actually direct it at the Russian state instead for harboring? How do you guys approach that?
Psaki: It's a good question, Phil. I would say that I'm not going to be able to detail more specifics from here.
But I would note that—and I would reiterate—that the President's view and the administration's view is that, even as it is criminal actors who are taking these actions against the United States or entities—private-sector entities in the United States, even as—even without the engagement of the Russian government, they still have a responsibility. That continues to be the President's view and the administration's view.
In terms of what actions we may or may not take, we'll—I'll allow the national security team to work that through.
And after another topic popped up, reporters had more follow-ups on the Biden Administration and ransomware.
Q: Thank you, Jen. A quick follow-up on the ransomware.
Psaki: Sure.
Q: You mentioned that, after President Biden called on Putin to hold cyber hackers accountable, there have been expert-level talks. Is there any evidence that Putin has done anything to curb cyberattacks in Russia that he's communicated with the U.S.?
Psaki: Well, I—again, I would say it's a little bit disproving a negative there because this is—what we're talking about here is a ransomware attack—attack from likely criminal actors. Again, it hasn't been fully attributed yet, so we're getting a little bit ahead, which I certainly understand, of where things stand.
There are these expert-level talks and negotiations and engagements. That's an important part of the next steps, an important part of what came out of their discussion.
And beyond that, I think what the message is that the President has sent clearly and what we're sending—continuing to send clearly is: Even with these criminal actors—we're not saying they're coming from the government or directed from the government—but even with those actors, they have a responsibility.
So, that's where the policy is, moving forward. I think it's difficult for me to disprove a negative.
And after a brief COVID-19 detour, the questions are back to ransomware:
Q: On ransomware, the company statement goes into a lot of detail about the kinds of victims among its client base—
Psaki: Yeah.
Q: —and points out that they are not related to critical infrastructure. Is that simply about informing people about what's there? Or is that to separate this attack from some of the—the outline the President presented to Vladimir Putin about, sort of, the "no-go" list of critical infrastructure that should not be interfered with from any Russian actor, be it criminal or state or whatever? Do you see that as an important tell?
Psaki: Well, I would say that, of course, there's a unique threat posed by cyberattacks that disrupt critical infrastructure, and there's no question about that. If there's a cyberattack that takes out an entire sector of the American economy, that would have an enormous, broad impact. And we recognize that.
I can't speak to the communication strategy of the company, of course, which I know you're not exactly asking me to do. But I will say that, regardless of whether a cyberattack impacts critical infrastructure, we take it seriously and we reserve the option of responding in a manner and mechanism of our choosing regardless.
But I think there's no question that, in terms of national security threats, if it's critical infrastructure and it's taking out the meat industry or, you know, suppliers who are supplying gasoline, that is something that is a different impact in terms of a national security threat.
Q: How many ransomware attacks before the U.S. retaliates, though?
That question about retaliation was never answered by the White House Press Secretary. Instead, she took another question and the topic changed.
However, if the U.S. keeps its promises to respond to Russian-based cyberattacks, we may soon see the answer to that.
