Before gaining the attention of the White House, REvil accounted for less than ten percent of known ransomware victims; now it accounts for 42 percent, according to Recorded Future, a cybersecurity company.
“It might feel like this problem is new but it’s been exhausting security teams for years now,” said John Hultquist, a director of threat intelligence at FireEye. “Ransoms have exploded and actors have become more audacious. Where we are now was entirely predictable. It has been like watching a slow motion car crash.”
Inside the White House, Mr. Biden’s senior aides acknowledge that America’s cyberdefenses have been woefully neglected over the past three administrations, a period of time that includes Mr. Biden’s service as vice president. Now they say it is up to Mr. Biden to shore up those defenses and make adversaries, state or criminal, pay a price for attacks on American targets.
But unlike strong-arm states like Russia, China, Iran and North Korea, the United States has less authority over how critical systems like gas, power and water — the vast majority of which are run by the private sector — are defended. Many still lack basic protections like multifactor authentication and still use decade-old software that software makers, like Microsoft, stopped patching long ago.
Until his administration finds a way to shore up its defense, the risk of blowback from a U.S. cyberstrike remains high. On Saturday, the same day REvil’s latest attack was underway, Mr. Putin pledged to “take symmetrical and asymmetric measures” to prevent “unfriendly actions” by foreign states.
As Michael Sulmeyer, now a senior adviser to U.S. Cyber Command, put it before he entered government, America still “lives in the glassiest of glass houses.”
Michael D. Shear contributed reporting.