Dmitri Alperovitch says the scale of the attack, on software from U.S. firm Kaseya, is unprecedented. He wants President Biden to threaten sanctions on Russia for allowing cybercriminals to operate.

Transcript

LEILA FADEL, HOST:

Thousands of companies are still working to recover their data after the single biggest global ransomware attack on record. The cyberattack has hit a broad range of businesses and public agencies in at least 17 countries worldwide, medical offices to grocery stores. Hackers went after business software company Kaseya. The cyberattack then trickled down to about 60 of Kaseya's clients. An affiliate of the REvil ransomware gang is behind the attack. The group is believed to be Russia-based and was also behind the hacking of meat processor JBS back in May. President Biden said this weekend that U.S. intelligence agencies are still working to pinpoint the source of the cyberattack.

(SOUNDBITE OF ARCHIVED RECORDING)

PRESIDENT JOE BIDEN: If it is, either with the knowledge of and-or the consequence of Russia, then I told Putin we will respond.

FADEL: Dmitri Alperovitch is a cybersecurity expert. He's the co-founder and former chief technology officer of the cybersecurity company CrowdStrike. Dmitri, welcome.

DMITRI ALPEROVITCH: Thanks for having me.

FADEL: So the U.S. and other countries are still trying to figure out the scope of this massive cyberattack. And I want to ask you how this attack is different than what we've seen before.

ALPEROVITCH: Well, the scale and scope of this attack is really unprecedented. The company Kaseya, whose software was compromised through this attack, now estimates that there are about 1,500 organizations worldwide that have been affected. Now, most of these organizations will be small and medium businesses. That's their bread and butter. And this will be dentist offices, car dealers, libraries, schools, grocery chains in Sweden and the like.

FADEL: Now, why choose a company like Kaseya?

ALPEROVITCH: Well, it really gives you unprecedented reach. So the hackers found what is known as a zero-day vulnerability, a previously unknown vulnerability, in Kaseya's product, and then they literally scanned the internet to find anyone that's using that software and started compromising each and every one of the customers that had that software on the internet. Now, it turns out that many of Kaseya's customers are actually not end users but managed service providers, companies that manage networks for smaller organizations. And as a result of hitting those companies, those managed service providers, they had access to hundreds of victims within each.

FADEL: Wow. Now, these hackers are believed to be based in Russia and to operate with impunity. And last month, President Biden told Russian President Putin that these ransomware attacks have to stop. What does this latest attack tell you about Putin's response?

ALPEROVITCH: Well, one thing is clear that, at best, Putin is dragging his feet and is not dealing with this issue. It is quite clear that the Russian intelligence services, Russian law enforcement, is capable of identifying these people and arresting them and prosecuting them. They're not yet doing that. And it is time, I believe, for President Biden to deliver an ultimatum to Putin that either these attacks will stop or the U.S. will start enforcing very severe sanctions against the Russian energy sector.

FADEL: So that, you think, is the most effective way for the U.S. to respond?

ALPEROVITCH: I think a message needs to be sent that this is something that is urgent and important for ordinary Americans, and President Biden, who is advocating foreign policy for the middle class, has to respond forcefully.

FADEL: Now, the hackers are offering a universal decryptor for everyone's data if someone steps up and pays $70 million. Why offer something like that?

ALPEROVITCH: Well, clearly, they think that perhaps they can pressure Kaseya into paying that amount, given that their software was responsible for this breach. And they realize that going to 1,500 organizations and trying to get a ransom from each one is going to be very difficult because many of these small businesses have been hit so hard during the pandemic and will be hard-pressed to find money to pay a significant ransom to these criminals.

FADEL: Now, did REvil bite off more than it could chew, so to speak, by going after so many at the same time?

ALPEROVITCH: I don't think so. I think it remains to be seen whether this action crossed a red line and will suffer a severe response. But it's clear that the U.S. government needs to engage in a serious discussion about how we - do we go after these cybercriminals using our intelligence community, using our Cyber Command capabilities, to try to disrupt their operations, just like we do against terrorist groups.

FADEL: Now, is there proof that there are links between this gang and the Russian government?

ALPEROVITCH: There is no proof of that, and in fact, it's probably unlikely that the Russian government is working with them or is directing them in any way. But it's pretty clear, with 20 years of history of cybercriminals operating freely from Russia without any harassment from Russian law enforcement - even though the U.S. government and other governments have provided detailed information to Russian law enforcement about these criminals. So at a minimum, they're providing safe harbor to them.

FADEL: In the few seconds we do have left, what can companies and agencies do to protect themselves in an attack like this, against an attack like this?

ALPEROVITCH: Well, the first thing that everyone needs to assume is that someone is going to come after you. The days of when you can assume that, if you're not a high-profile organization, you will not be hacked are over.

FADEL: Dmitri Alperovitch is the chairman of the think tank Silverado Policy Accelerator. Thank you for taking the time.

ALPEROVITCH: Thank you. Transcript provided by NPR, Copyright NPR.