Minutes after President Joe Biden announced new sanctions on Russian banks and elites on Tuesday, a senior FBI cyber official asked US businesses and local governments to be mindful of the potential for ransomware attacks as the crisis between the Kremlin and Ukraine deepens.
Russia is a “permissive operating environment” for cybercriminals – one that “is not going to get any smaller” as Russia’s confrontation with the West over Ukraine continues and further sanctions are announced, the FBI’s David Ring said on a phone briefing with private executives and state and local officials, according to two people who were on the call.
Ring asked state and local officials and business executives to consider how ransomware attacks could disrupt the provision of critical services, the people on the call said.
US officials continue to say there are “no specific, credible” threats to the US homeland tied to tensions with Russia over Ukraine, but they are preaching vigilance.
The willingness of Russian-speaking cybercriminals to disrupt US critical infrastructure has been a US concern for years, but it came to a head last year when a ransomware attack forced major fuel transporter Colonial Pipeline to shut down for days.
The phone call was one in a series of briefings that FBI and Department of Homeland Security officials have had for US companies and local governments in the last two months in light of US tensions with Russia over Ukraine. It had been scheduled before it was clear that Biden would address Russia’s latest moves in Ukraine on Tuesday. The US President announced the “first tranche” of sanctions against Russian entities for Russian President Vladimir Putin’s decision to recognize two breakaway regions in Ukraine and send troops there.
The US could also see “a possible increase in cyber threat activity” from Russian state-backed hackers as a result of those sanctions, Ring said, according to the people on the call.
“DHS has been engaging in an outreach campaign to ensure that public and private sector partners are aware of evolving cybersecurity risks and taking steps to increase their cybersecurity preparedness,” a DHS spokesperson said in a statement.
CNN has requested comment from the FBI.
The extortion of Colonial Pipeline had underscored for Biden administration officials the economic and national security threat posed by ransomware. The incident triggered long lines at gas stations in multiple US states and prompted Biden to call on Putin to rein in cybercriminals operating from Russian soil.
While ransomware attacks on US organizations by Russian-speaking hackers have continued, Russian authorities have dangled the prospect of cracking down on some groups in recent months, as the standoff over Ukraine brewed.
US officials said last month that they believe Russia has detained the person responsible for the Colonial Pipeline hack, but any cooperation between the two governments on cybercrime could be elusive if relations further deteriorate over Ukraine, according to some analysts.
After the cyberattacks on Ukrainian government and banking websites last week that the Biden administration blamed on Russia’s military intelligence directorate, US officials continue to see Russian cyber operations as likely playing a role in any further military invasion.
In the event of a larger conflict between Russia and Ukraine, US officials are concerned that transportation networks and broadcast media in Ukraine could be shut down by kinetic or cyberattacks, Matthew Hackner, an official in DHS’ Office of Intelligence and Analysis, said on Tuesday’s phone briefing, according to people on the call.