Friday’s call came only three weeks after the onslaught of ransomware attacks dominated their first summit, in Geneva. Immediately after that meeting, Mr. Biden said he told the Russian president he would respond “in a cyber way” against Russia if Mr. Putin failed to take action against groups operating on its territory.
But that three-hour meeting was largely a generic discussion of the issue, and an effort to convince Mr. Putin that the presence of the criminal cybergroups on Russian networks was not in Moscow’s interest, either. By calling right after REvil’s latest attack, he was essentially creating a test of Mr. Putin’s willingness to act. But Mr. Biden declined to say whether the United States had asked for specific action against individuals that it believes are part of REvil.
While the United States and Russia have long sparred over state-sponsored attacks — including the SolarWinds espionage operation by Russia’s elite S.V.R. intelligence agency, or the Russian military intelligence unit’s hacking of the Democratic National Committee and its release of embarrassing emails in 2016 — ransomware attacks are of a different nature. Administration officials fear that, if left unaddressed, they could cripple key sectors of the U.S. economy. And they suspect that Russian authorities are tolerating the groups — and sometimes dipping into their talent pool for intelligence and other cyberoperations.
The White House blamed a Russian ransomware group, called DarkSide, for the attack on Colonial Pipeline that halted gasoline and jet fuel deliveries up the East Coast this spring. REvil is believed to have been behind the attack against one of the country’s largest meat processors, JBS, that briefly shut down production in late May. The company paid REvil $11 million in cryptocurrency.
July 9, 2021, 6:36 p.m. ET
But REvil’s attack over the Fourth of July holiday was an escalation, officials said, not only for its timing, following the Geneva summit, but because the attack was unusually advanced in technique and aggressive in scope. Instead of targeting one company directly, REvil breached a Florida technology company that holds high-level access to tech firms that service thousands of other companies. Had the company, Kaseya, not caught the attack quickly, the effects could have been cataclysmic, officials and cybersecurity experts say.
Mr. Biden’s challenge to Mr. Putin could pose a major credibility test in coming weeks — and further escalate a Cold War-like series of confrontations between the United States and Russia, now fought in cyberspace rather than across the Berlin Wall.
Until recently, the United States has largely treated ransomware as a criminal problem, indicting leading actors if it could identify them. Few ever saw the inside of an American courtroom.