The UK has decided to name and shame who it claims was behind last June’s NotPetya ransomware outbreak: the Russian government.
On Thursday, the UK’s Foreign Office pointed fingers at the Russian military for sponsoring the massive cyberattack, which struck computers around the world and cost businesses millions in damages.
The true goal of the attack was to disrupt Ukrainian industries and government sectors, said Foreign Office minister for cybersecurity Lord Tariq Ahmad of Wimbledon. “The attack showed a continued disregard for Ukrainian sovereignty.”
UK Defense Secretary Gavin Williamson also told The Guardian that Russia was “ripping up the rule book” when it came to military tactics. “We have entered a new era of warfare, witnessing a destructive and deadly mix of conventional military might and malicious cyber-attacks,” he told the paper.
The bold accusations represent the UK’s latest effort to push back at the Kremlin over an escalating cyberwar in the region. Russian hackers have been connected to numerous hacking attempts, including shutting down the power grid in the Ukraine and trying to influence democratic elections across Europe. NotPetya may have been another salvo in these attacks, according to experts. The malicious code can effectively destroy the data inside any computer it infects.
On Thursday, the UK didn’t offer new evidence proving Russia had a hand in developing NotPetya. But the government isn’t alone in suspecting the Kremlin’s involvement. Last month, the Washington Post reported that the CIA also concluded that a Russian military spy agency created the malicious code.
Whether the US will join the UK in condemning Russia for the ransomware outbreak isn’t clear. But American intelligence officials warned this week that Russian agents will try to meddle in the US midterm elections by spreading misinformation over social media.
In the meantime, the Kremlin denies any involvement with NotPetya. “We strongly reject such accusations, we consider them to be groundless,” said Russian presidential spokesman Dmitry Peskov. “They [the UK accusations] are part of the similarly groundless campaign based on hatred against Russia.”
The NotPetya outbreak is estimated to have cost businesses $1.2 billion in lost revenue, according to the security firm Cybereason. It attacked computers like a ransomware infection, by encrypting all the data inside. However, the malicious code actually made it impossible for victims to recover their data, leading many experts to suspect NotPetya was solely designed to destroy IT systems.
Helping the infection spread so quickly and indiscriminately was how NotPetya was built with hacking tools stolen from the US National Security Agency.