Minutes after US President Joe Biden announced new sanctions on Russian banks and elites Tuesday, a senior FBI cyber official asked US businesses and local governments to be mindful of the potential for ransomware attacks as the crisis over the Kremlin’s invasion of Ukraine deepens.
Russia is a “permissive operating environment” for cybercriminals, one that “is not going to get any smaller” as Russia’s confrontation with the West over Ukraine continues and further sanctions are announced, the FBI’s David Ring said on a phone briefing with private executives and state and local officials, according to two people who were on the call.
Ring asked state and local officials and business executives to consider how ransomware attacks could disrupt the provision of critical services, the people on the call said.
US officials continue to say there are “no specific, credible” threats to the US homeland tied to tensions with Russia over Ukraine, but they are preaching vigilance.
The willingness of Russian-speaking cybercriminals to disrupt US critical infrastructure has been a US concern for years, but came to a head last year when a ransomware attack forced major fuel transporter Colonial Pipeline to shut down for days.
The phone call was one of a series of recurring briefings that FBI and Department of Homeland Security officials have had for US companies and local governments in the last two months in light of US tensions with Russia over Ukraine. It was scheduled before it was clear that Biden was addressing Russia’s latest moves in Ukraine on Tuesday.
The US President announced the “first tranche” of sanctions against Russian entities for Russian President Vladimir Putin’s decision to recognize two breakaway regions in Ukraine and send troops there.
The US could also see “a possible increase in cyber threat activity” from Russian state-backed hackers as a result of those sanctions, Ring said, according to the people on the call.
“DHS has been engaging in an outreach campaign to ensure that public and private sector partners are aware of evolving cybersecurity risks and taking steps to increase their cybersecurity preparedness,” a DHS spokesperson said in a statement.
CNN has requested comment from the FBI.
The extortion of Colonial Pipeline underscored for Biden administration officials the economic and national security threat posed by ransomware. The incident triggered long lines at gas stations in multiple US states and prompted Biden to call on Russian President Vladimir Putin to rein in cybercriminals operating from Russian soil.
More background: While ransomware attacks on US organizations by Russian-speaking hackers have continued, Russian authorities have dangled the prospect of cracking down on some groups in recent months, as the standoff of Ukraine brewed.
The US believes Russia has detained the person responsible for the Colonial Pipeline hack, but any cooperation between the two governments on cybercrime could be elusive if relations further deteriorate over Ukraine, according to some analysts.
After the cyberattacks on Ukrainian government and banking websites last week that the Biden administration blamed on Russia’s military intelligence directorate, US officials continue to see Russian cyber operations as likely playing a role in any further military invasion.
In the event of a larger conflict between Russia and Ukraine, US officials are concerned that transportation networks and broadcast media in Ukraine could be shut down by kinetic or cyberattacks, Matthew Hackner, an official in DHS’s Office of Intelligence and Analysis, said on Tuesday’s phone briefing, according to people on the call.