View All R&D Articles

US and Britain Blame Russian Military for NotPetya

February 20, 2018

British and US officials publicly blamed Russia for the NotPetya ransomware attack that occurred on June 27, 2017. Ukrainian organizations, including the state power company and Kiev’s main airport, were among the first to report being affected, and approximately 80 percent of the infections from the global attack occurred in Ukraine. Though dozens of non-Ukrainian companies were eventually affected, Ukraine was clearly at the epicenter.

Ukrainian politicians have long blamed Russia for the attacks, but it wasn’t until last month that the CIA concluded with “high confidence” that Russia’s GRU military spy agency created the malware.

Press Secretary Sarah Sanders issued the statement last Thursday.

Starting on Feb. 15, British, American, and Australian government agencies publicly accused Russia of the attack. British Foreign Office Minister Tariq Ahmad released the first statement, which said, “The attack masqueraded as a criminal enterprise but its purpose was principally to disrupt. Primary targets were Ukrainian financial, energy and government sectors. Its indiscriminate design caused it to spread further, affecting other European and Russian business.”

White House Press Secretary Sarah Sanders then released her own statement. “In June 2017, the Russian military launched the most destructive and costly cyber-attack in history,” Sanders said. “This was also a reckless and indiscriminate cyber-attack that will be met with international consequences.”

Russia responded with a shrug and a denial.

“It’s not more than a continuation of the Russophobic campaign,” Kremlin spokesman Dmitry Peskov told the BBC.

Australia quickly joined the US and UK in blaming Russia. The Minister for Law Enforcement and Cyber Security wrote, “Based on advice from Australian intelligence agencies, and through consultation with the United States and United Kingdom, the Australian Government has judged that Russian state sponsored actors were responsible for the incident.”

While many security experts already blamed Russia for NotPetya, there were some calls to produce hard evidence. The Centre for Research on Globalization (CRG), a research and media organization based in Montreal, points out that the accusers have shown no proof that Russia is responsible. Furthermore, CRG believes the CIA has the capability to leave fake “fingerprints” after a hack, meaning that, hypothetically, the US government could have carried out the attack itself.

According to CRG, the motivation for the CIA to carry out and then falsely accuse Russia for the attack would be to create a pretense for starting a war. Given how drastically the Trump administration has downplayed Russian meddling in the US elections, this scenario seems unlikely. Still, asking for more than circumstantial evidence before condemning Russia seems reasonable.

The US government hinted at countermeasures to punish Russia.

“We’re going to work on the international stage to impose consequences,” White House cybersecurity coordinator Rob Joyce told CNBC. “We’re going to see levers the US government can do to impose those costs.” Joyce went on to condemn the “indiscriminate attack” that caused billions of dollars in damages.

Everyone with an interest in geopolitics is waiting to see what the US response will look like. Because the US has condemned the indiscriminate nature of the NotPetya attack, the countermeasures will likely be more targeted. However, considering the high costs NotPetya caused companies throughout Europe and the US, the response will not be light.