Biden Weighs a Response to Ransomware Attacks

William Evanina, who recently left a top counterintelligence post in the U.S. government and now advises companies, said he would advise Mr. Biden “to be bold.”

“We need to give Putin something to think about,” he said. “And while I know people in the government like the idea of having ‘unseen’ cyberoperations, we have to show the American people and the private sector that we are doing something about this.”

Mr. Putin has denied that many of the attacks have come from Russia and has argued that the United States, with its cyberoperations around the globe, is the most active disruptive force on the internet.

But clearly a large number of the ransomware demands come out of Russia, and the ransomware code is often written to avoid hitting Russian-speaking targets.

If Moscow wanted to stop Russia’s cybercriminals from hacking American targets, experts say, it would. That is why, some Russia experts argue, the United States needs take aim at Russia’s kleptocracy, either by leaking details of Mr. Putin’s financials or by freezing oligarchs’ bank accounts.

“The only language that Putin understands is power, and his power is his money,” said Garry Kasparov, the Russian chess grandmaster and a Putin critic. “It’s not about tanks; it’s about banks. The U.S. should wipe out oligarchs’ accounts, one by one, until the message is delivered.”

For now, REvil has shown no sign that it is diminishing operations.

In recent days, its cybercriminals continued to hijack American companies’ networks. On Wednesday, REvil hit a new target: a Florida defense contractor, HX5, that sells space and weapon launch technology to the Army, the Navy, the Air Force and NASA.

REvil posted hacked documents to its naming-and-shaming website, “The Happy Blog.” None appeared to be of vital consequence, but HX5 is just the latest contractor to be hit.