U.S. and Russian officials will meet next week on ransomware – White House

By Raphael Satter and Andrea Shalal

WASHINGTON (Reuters) -Ransomware attacks on U.S. businesses, such as the latest one centered on Florida IT firm Kaseya, will be discussed at a meeting of senior U.S. and Russian officials next week, the White House said on Tuesday.

“We expect to have a meeting next week focused on ransomware attacks,” spokeswoman Jen Psaki told reporters.

The ransomware attack on Friday scrambled the data of hundreds of small businesses worldwide, including many in the United States. Kaseya said in a statement on Tuesday they were never a threat to critical U.S. infrastructure, however.

The cyberattack was the latest in a series of intrusions from hackers who have made a lucrative business out of holding organizations’ data hostage in return for digital currency payments.

Although cybercrimes have been going on for years, the attacks have escalated dramatically recently, and an intrusion at Colonial Pipeline in May snarled U.S. gasoline supplies up and down the East Coast.

Psaki said Biden would meet with officials from the Justice Department, State Department, the Department of Homeland Security and the intelligence community on Wednesday to discuss ransomware and U.S. efforts to counter it.

The hack that struck Kaseya’s clients – many of whom are back office IT shops commonly referred to as managed service providers – did not have the same kind of impact in the United States as the ransoming of Colonial Pipeline.

Disruption elsewhere was more severe.

In Sweden, many of the 800 grocery stores run by the Coop chain are still in the process of recovering from the attack, which knocked out most of its supermarkets, though a spokesman told Reuters “we have more open stores than closed ones now.”

In New Zealand, 11 schools and several kindergartens were affected.

Germany’s cybersecurity watchdog, BSI, said on Tuesday that it was aware of three IT service providers in Germany that have been affected, with a spokesperson estimating that several hundred companies were touched overall.

“In Germany there are no cases as prominent as the one in Sweden,” the spokesperson added.

The hackers who claimed responsibility for the breach have demanded $70 million to restore all the affected businesses’ data, although they have indicated a willingness to temper their demands in private conversations with a cybersecurity expert and with Reuters.

(Reporting by Raphael Satter; Douglas Busvine in Frankfurt and Johan Ahlander in Stockholm also contributed reporting. Editing by Kirsten Donovan, Alistair Bell and Sonya Hepinstall)