U.S. and U.K. blame Russia for infamous ‘NotPetya’ cyberattacks
The governments of the United States and the United Kingdom have publicly blamed the Russian military for a devastating cyberattack that took place last June.
Earlier Thursday the U.K. had become the second country, after Ukraine, to publicly state that NotPetya was carried out by Russia. The White House followed suit Thursday afternoon.
“[NotPetya] was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict,” a statement by the White House reads. “This was also a reckless and indiscriminate cyber-attack that will be met with international consequences.”
The National Cyber Security Centre (NCSC) in the U.K. found that the purpose of the cyberattack was to disrupt Ukraine’s financial systems. The sophistication and planning of the attack required considerable resources and time, NCSC said.
“The Kremlin has positioned Russia in direct opposition to the West: it doesn’t have to be that way. We call upon Russia to be the responsible member of the international community it claims to be rather then secretly trying to undermine it,” the Foreign Office Minister of State with responsibility for cybersecurity, Tariq Ahmad, said in an NCSC statement.
NotPetya, a destructive ransomware virus, successfully infected thousands of computers used in financial, energy and government institutions throughout Ukraine. It ultimately spread to European and Russian businesses. Some businesses in the United States were also affected by the attack.
The CIA reportedly assessed in December that Russia was at fault for the attack, concluding that the GRU — a military intelligence service of Russia — had created NotPetya. The CIA found, according to The Washington Post, that the hackers responsible for NotPetya worked in a division of the GRU named the Main Center for Special Technology, which is involved with Russia’s secretive cyberwarfare and espionage program.
The Russian hackers implemented NotPetya through a data encryption tool inserted into accounting software that is widely used by Ukrainian financial and government institutions. But because of the nature of the malware, which allows it to automatically steal credentials and propagate across a compromised network, it escaped Ukraine and hit several multinational companies.
Infected machines were prompted with a digital ransom note encouraging payments via bitcoin in exchange for returned access to the user. The payment collection tactic was flawed, however, leading some cybersecurity experts to believe that NotPetya was intended to be destructive rather than a financially motivated scheme.
Since Thursday’s early morning announcement, the governments of New Zealand, Australia and Canada have all hopped on and collectively blamed Russia for NotPetya. The combined attribution assessment means that the entire Five Eyes (FVEY) collective, an intelligence partnership between the U.S., U.K., Canada, New Zealand and Australia, have agreed to shame Russia for launching the ransomware virus.