Joe Biden has said his government is not sure who was behind a major ransomware attack that hit hundreds of US businesses – but he did not rule out Russian influence.

A “colossal and devastating” ransomware attack is thought to have paralysed the networks of at least 200 US companies.

The federal Cybersecurity and Infrastructure Security Agency has said it is closely monitoring the situation and is working with the FBI to collect more information about the impact of the attack.

President Joe Biden visits the store at King Orchards fruit farm Saturday, July 3, 2021, in Central Lake, Mich. (AP Photo/Alex Brandon)
Image:
Joe Biden says he is not sure who was behind a major ransomware attack. Pic: AP

President Biden said the government’s “initial thinking” is that it was not Russian hackers that was behind the attack, but adds that they “weren’t sure yet”.

The president added he has told intelligence agencies to investigate, and that if it was a Russian attack, there will be a response.

The Swedish Coop grocery store chain closed all its 800 stores on Saturday after its American IT provider was hit by the attack, leaving it unable to operate its cash registers.

John Hammond of the security firm Huntress Labs said earlier that the REvil gang, a major Russian-speaking ransomware syndicate, appears to be responsible for the attack.

More on Joe Biden

REvil steals data from its targets before activating the ransomware to strengthen its extortion efforts.

Mr Hammond said the criminals targeted a software supplier called Kaseya, using its network management as a way to spread the ransomware through cloud-service providers.

“Kaseya handles large enterprise all the way to small businesses globally, so ultimately, (this) has the potential to spread to any size or scale business,” he said on Twitter.

“This is a colossal and devastating supply chain attack.”

He added he was aware of four companies that host IT infrastructure for multiple customers being hit by the ransomware, which encrypts networks until the victims pay off attackers.

“We currently have three Huntress partners who are impacted with roughly 200 businesses that have been encrypted,” he said.

Experts believe the attack was deliberately timed to coincide with the 4 July holiday weekend, when less IT staff are traditionally on duty.

Such cyberattacks typically infiltrate widely-used software and spread malware as it updates automatically.

It is not yet clear how many Kaseya customers might be affected or who they might be.

Kaseya said the attack was limited to a “small number” of its customers and had urged them to immediately shut down servers running the affected software.

Privately-run Kaseya says it is based in Dublin and has its US headquarters in Miami.

You May Also Like

Kutcher and Kunis mock the debate over their relaxed bathing habits

Hollywood power couple Ashton Kutcher and Mila Kunis have mocked the fallout…

US to double climate change finance to poorer nations, says Biden

The US will again double the money it gives to help developing…

Teacher wounded in Uvalde school shooting condemns ‘coward’ police for failing to save students

A teacher who survived the Texas school shooting said he will never…

How new technology helped a stroke survivor move her hand for first time in nine years

A stroke survivor has been able to move her hand and arm…