UK government blames Russia for NotPetya cyber attack

Written by David Adams

The UK government has publicly blamed Russia for the NotPetya malware attack that took place in June 2017, paralysing IT systems in companies and other organisations across Europe and causing more than $1.2 billion worth of damage. Companies affected included Maersk, TNT, WPP, DLA Piper and Reckitt Benckiser.

The UK’s National Cyber Security Centre has released an assessment that the Russian military was almost certainly responsible for NotPetya; the UK government said it had “made the judgment that the Russian government – the Kremlin – was responsible for this cyber attack.”

A spokesperson for the Kremlin, Dmitry Peskov, said Russia categorically dismissed the accusation, describing it as “unsubstantiated and groundless”; and accusing the UK of “a continuation of the Russophobic campaign which is not based on any evidence”.

It is notoriously difficult to attribute blame for cyber attacks, but circumstantial evidence gives some credence to the UK government’s claim. The largest number of organisations affected were located in Ukraine, where government networks, along with financial and energy assets seem to have been targeted.

In addition, although NotPetya appeared to be ransomware, which demanded the equivalent of a few hundred dollars in Bitcoin to decrypt scrambled data, the systems that collected payment and distribute decryption keys stopped functioning fairly quickly, suggesting that whoever set the attack in motion was more interested in creating chaos than accumulating cash. Even the name given to the malware is based on the fact that its apparent similarity to the Petya ransomware was misleading. NotPetya was designed primarily to damage IT infrastructure, not to extort money.

UK Foreign Office Minister Lord Ahmad said the Russian military was directly responsible for the “reckless” attack, which “showed a continued disregard for Ukrainian sovereignty”. He called on Russia “to be the responsible member of the international community it claims to be rather than secretly trying to undermine it”.

“The United Kingdom is identifying, pursuing and responding to malicious cyber activity regardless of where it originates, imposing costs on those who would seek to do us harm,” he continued.

In January, UK Secretary of State for Defence Gavin Williamson warned that cyber attacks launched from Russia could cause thousands of deaths in the UK if they damaged critical national infrastructure. In November Theresa May accused the Russian government of trying to “sow discord” in the West, by interfering with elections, spreading misinformation and launching cyber attacks.

Related Articles