The president told reporters Saturday that it is not yet clear who is behind the latest cybersecurity breach to strike American businesses but insisted that he 'will respond' if it is tied to Russian President Vladimir Putin.
'We're not sure who it is,' he said, while he celebrated the start of July 4 weekend at a cherry farm in Central Lake, Michigan.
'The initial thinking was it was not the Russian government but we're not sure yet.'
He added: 'If it is either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond.'
The warning comes after the two leaders met at the Geneva Summit last month, where Biden warned Putin there would be consequences if ransomware attacks continued to hit the US from Russia.
In recent months, the nation's critical infrastructure has fallen victim to attacks from cyber criminal groups thought to be based in Russia, with one of the US's biggest fuel carriers and one of its biggest meat suppliers each shuttered for days following breaches.
Joe Biden warned that the US will retaliate if it finds out Russia was behind the mass cyberattack that hit at least 200 firms in the run-up to July 4 weekend. Biden speaking at a cherry farm store in Central Lake, Michigan Saturday
The warning comes after the two leaders met at the Geneva Summit last month (pictured), where Biden warned Putin there would be consequences if ransomware attacks continued to hit the US from Russia
Biden said Saturday he had not spoken with Putin since the latest breach or since their meeting in Geneva.
However, he said he should know more about the latest attack Sunday when he is briefed by US intelligence officials.
'I directed the full resources of the government to assist in the response if needed,' he said.
'I directed the intelligence community to give me a deep dive on what's happened. I'll know better tomorrow.'
The US Cybersecurity and Infrastructure Security Agency (CISA) said Friday it was 'taking action to understand and address the recent supply-chain ransomware attack.'
Around 200 US businesses were impacted by a 'colossal' cyber attack Friday, paralyzing their computer networks.
Worldwide, more than a thousand firms across at least 17 countries are thought to have also been affected.
The hackers first targeted Florida-based IT company Kaseya before spreading to other firms that use the company's software.
The breach was discovered Friday afternoon as many businesses had already closed or waved goodbye to employees for the long Independence Day weekend.
Security firm Huntress said Friday it believed the Russia-linked REvil ransomware cyber gang was to blame.
Last month, the FBI blamed the same group for paralyzing US meat packer JBS.
Biden tours a cherry orchard with Michigan Senators Debbie Stabenow (right), and Senator Gary Peters (left) at King Orchards, a fruit farm in Central Lake, Michigan Saturday
Biden told reporters Saturday that it is not yet clear who is behind the latest cybersecurity breach but insisted that he 'will respond' if it is tied to Russian President Vladimir Putin
The president posed for a photo Saturday in the cherry orchard. Biden said he should know more about the latest attack Sunday when he is briefed by US intelligence officials
The hackers that struck Friday hijacked widely used technology management software from Kaseya then changed a Kaseya tool called VSA.
VSA is used by IT professionals to manage technology including servers, desktops, network devices and printers at smaller businesses.
The cybercriminals then encrypted the files of those providers' customers simultaneously.
Huntress said it was tracking eight managed service providers that had been used to infect some 200 clients, with senior security researcher John Hammond describing the incident as 'a colossal and devastating supply chain attack.'
The full extent of the breach and how many companies have been affected is not yet clear.
Among those thought to be affected is Synnex Corp - one of the vendors of the Republican National Committee (RNC), reported Bloomberg.
A spokesman said Microsoft had alerted the RNC that Synnex 'may have been exposed' but said there was 'no indication' the RNC was also victim to an attack or that any sensitive information had been stolen from the committee.
Security firm Huntress said Friday it believed the Russia-linked REvil ransomware gang was to blame for the latest attack. Last month, the FBI blamed the same group for paralyzing US meat packer JBS (the JBS meat plant is viewed in Plainwell, Michigan)
The JBS hack came just weeks after an attack on Colonial Pipeline (Colonial Pipeline's Dorsey Junction Station in Woodbine, Maryland pictured)
Some cybersecurity researchers believe the ransomware attack could be one of the broadest on record.
Cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank said 'the number of victims here is already over a thousand and will likely reach into the tens of thousands.'
He added: 'No other ransomware campaign comes even close in terms of impact.'
Cybersecurity firm ESET said there are victims in least 17 countries, including the UK, South Africa, Canada, Argentina, Mexico and Spain.
In Sweden, most of the grocery chain Coop's 800 stores were unable to open because their cash registers weren't working, while the Swedish State Railways and a major local pharmacy chain were also affected.
It is unclear how many organizations have since received ransom demands from the hackers in exchange for getting their systems back up and running again.
The FBI has urged companies not to pay ransoms but, in two of the biggest recent cyber attacks, it transpired that the victims bowed to the demands of the cyber criminals.
JBS, the nation's largest meat supplier, paid an $11million ransom in Bitcoin to the hackers who shut down its US plants.
It had learned of an attack on May 30 after finding 'irregularities' on its servers and a ransom note.
This forced the supplier to shut down its computer servers, suspending meat production systems at its US plants for four days.
The FBI said in June REvil - the Russian cybercriminal group also known as Sodinokibi which is known to be one of the most prolific cyber gangs in the world - was behind the breach.
Huntress Labs tweeted about the breach Friday. Its senior security researcher John Hammond described the attack as 'a colossal and devastating supply chain attack'
This came just weeks after Colonial Pipeline fell victim to an attack that forced the carrier of 45 percent of fuel to the East Coast to shut down its entire network and sparked a fuel crisis nationwide.
It sparked concerns of a national fuel crisis with thousands of gas stations running out of fuel and motorists racing to fill up their cars, pushing the national average price of gas past $3 for the first time since 2014.
Colonial Pipeline shelled out almost $5million to DarkSide to get its pipeline back online as soon as possible.
DarkSide is a criminal cybergroup also believed to be based in Russia or Eastern Europe with ties to Russia.
Officials said the hack was the most disruptive cyberattack on energy infrastructure in American history.
Biden met with Putin two weeks after the JBS attack at a summit in Geneva, Switzerland, on June 16.
At the meeting he urged the Russian president to crack down on cyber hackers emanating from Russia.
Biden and Putin met at the Geneva Summit last month, where Biden warned Putin there would be consequences if ransomware attacks continued to hit the US from Russia
Biden told Putin that certain critical infrastructure should be 'off-limits' to cyberattacks and warned of consequences if such attacks continued.
In the meeting, Putin denied that Russia was behind recent attacks.
However, tensions have continued to mount since then with the US and British authorities on Thursday saying Russian spies accused of interfering in the 2016 US presidential election spent the past two years abusing virtual private networks (VPNs) to target hundreds of organizations worldwide.
Russia's embassy in Washington denied the allegations Friday.
The Biden administration is making cybersecurity an increased priority in the wake of the recent attacks.
Earlier this month, it was revealed that the US Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals.
The FBI has also put cybersecurity high on its agenda with its fiscal year 2022 budget proposal including an additional $40million for cybersecurity investigations.
It also includes another $15million to help the FBI improve its own cybersecurity.