President Joe Biden urged Russian President Vladimir Putin to take action to disrupt criminal ransomware groups in Russia on a call Friday morning – their first publicized discussion since a summit in Geneva last month – but the Kremlin says American agencies have not made any formal appeals in the last month regarding recent cyberattacks.
Following an executive order signing at the White House on Friday afternoon, Biden indicated he and Putin have established a more direct means of communication. He also underscored that Putin will need to act on ransomware operations that take originate from Russian actors.
“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil – even though it’s not sponsored by the state – we expect him to act. And we’ve given him enough information to act on who that is,” Biden said.
He continued, “We’ve set up a means of communications now, on a regular basis, to be able to communicate to one another when each of us thinks something’s happening in the other country. It affects the home country. And so it went well. I’m optimistic.”
Asked if there will be consequences for Russia, Biden said, “Yes.”
The White House similarly relayed in an earlier statement that during the call, “Biden underscored the need for Russia to take action to disrupt ransomware groups operating in Russia and emphasized that he is committed to continued engagement on the broader threat posed by ransomware.”
“President Biden reiterated that the United States will take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge,” the statement continued.
Later Friday, the President also said it makes sense to target servers used by Russian cyber criminals in response to their attacks.
A Kremlin statement released Friday afternoon indicated that the two leaders discussed “the need for substantive and constructive cooperation” between Russia and the United States on matters relating to cybersecurity. But the statement also suggested the US had not made any formal appeals to Russia regarding recent cyberattacks.
“In the context of recent reports about a series of cyberattacks allegedly committed from the territory of Russia, Vladimir Putin noted that, despite the readiness of the Russian side to jointly suppress criminal manifestations in the information space, no appeals on these issues have been made by the competent US agencies over the past month,” the statement said.
But the Biden administration is maintaining that the US had issued direct request to Russia.
“We have relayed multiple, specific requests for action on cyber criminals to Russia through official channels and been clear about what Russia’s responsibility is with regard to taking action,” a senior administration official told reporters.
White House press secretary Jen Psaki elaborated during Friday’s press briefing that Biden “reiterated his expectation that President Putin take action, even if it is not directed by the Russian government, if it is because of criminal actors in his own country.” The call lasted about an hour, she said.
“This is the first time – even though ransomware attacks have been increasing over the past 18 months, if not longer – that there has been this level of engagement at this level. And certainly the President knew, even when they met in Geneva, that there would be a need for ongoing discussions and engagements,” Psaki said.
She added that Biden has “always believed this was going to need to be an ongoing diplomatic engagement with the Russians,” adding, “We’ve had expert level talks, we’ve had those talks focused on cyber, focused on ransomware, but he also understands that there’s going to need to be talks at times at the leader level.”
The two leaders also discussed the recent renewal of cross-border humanitarian assistance to Syria in the UN Security Council, according to the White House. The Kremlin said Putin also expressed his condolences over the residential building collapse in Surfside, Florida.
Biden confronted Putin about cyber attacks by Russia-based actors during the Geneva summit. And earlier this week, Psaki said the White House has conveyed to Russian officials that there is a responsibility to respond after recent cyber attacks and that the US stands ready to “take action” if necessary.
The White House indicated earlier this week that top national security officials have been in contact with a “high level” of Russian officials regarding the ransomware attack on software vendor Kaseya.
Earlier, the White House said the Intelligence Community had not yet attributed the attack, but noted the group believed to be responsible, REvil, operates out of Russia.
The Republican National Committee said on Wednesday that its networks were not breached and its data not accessed after an IT provider used by the RNC said it’s “conducting a thorough review of a few instances in which outside actors have attempted to gain access.”
The contractor, Synnex, declined to say when the attempts happened and to what extent the RNC was targeted. The RNC says that upon hearing that Synnex was breached, it “immediately blocked all access from Synnex accounts.”
The New York Times reported that the hackers behind the Synnex attack were from Russia’s foreign intelligence service, the SVR, citing investigators in the case. If true, it’s the same group of hackers who carried out the massive SolarWinds hack and the attack on the Democratic National Committee in 2015.
CNN’s DJ Judd, Alex Marquardt, Zachary Cohen and Kevin Liptak contributed to this report.