Referencing a New York Daily Daily News article about a recent massive ransomware attack that affected about 200 U.S. companies, the California congressman tweeted: “Biden is soft on crime and weak against Putin.”

“Remember when President Biden gave Putin a list of things that were supposed to be off-limits for cyber attacks?” McCarthy wrote in his post. “What he SHOULD have said is that ALL American targets are off-limits.”

The latest attack on Friday was presumably orchestrated by REvil, a major Russian-speaking ransomware syndicate. Former members of the group have been reportedly linked to the recent Colonial Pipeline hack.

Kaseya, a software supplier, was the major company targeted, and hackers were able to use its network-management package as a conduit to spread ransomware through all cloud services that use Kaseya’s software.

John Hammond, a senior security researcher at Huntress Labs, wrote in a message on Twitter that “Kaseya handles large enterprise all the way to small businesses globally, so ultimately, it has the potential to spread to any size or scale business. All of the affected organizations that we know of so far are US based.”

He added: “This is a colossal and devastating supply chain attack.”

It is unclear how many of Kaysea’s customers might have been impacted or their identities, the Associated Press reported.

Eric Goldstein, CISA Executive Assistant Director for Cybersecurity, told Newsweek in an email Saturday: “CISA is closely monitoring this situation. We are working with Kaseya and coordinating with the FBI to conduct outreach to possibly impacted victims. We encourage all who might be affected to employ the recommended mitigations and for users to follow Kaseya’s guidance to shut down VSA servers immediately. As always, we stand ready to assist any impacted entities.”

Last month, Biden said he gave Russia a list of 16 key entities that are effectively “off-limits” from attacks by Russian cybercriminals syndicates.

“I talked about the proposition that certain critical infrastructure should be off limits to attack — period — by cyber or any other means. I gave them a list, if I’m not mistaken — I don’t have it in front of me — 16 specific entities; 16 defined as critical infrastructure under U.S. policy, from the energy sector to our water systems,” Biden told reporters following his Geneva summit with Putin on June 16.

Biden’s entities were inspired by the two large cyberattacks against Colonial Pipeline and the meat-processing company JBS Holdings. Both of them were believed to have been hacked by Russian cybercriminals.

Updated 2:28 PM ET, with a comment from CISA.