The UK government has officially attributed the June 2017 NotPetya cyber attack to the Russian government.
The statement is backed by an assessment of the UK’s National Cyber Security Centre, which has found that the Russian military was “almost certainly” responsible for it.
The NotPetya attack
“The NotPetya attack saw a malicious data encryption tool inserted into a legitimate a piece of software used by most of Ukraine’s financial and government institutions,” the NCSC noted.
“The malware was not designed to be decrypted. This meant that there was no means for victims to recover data once it had been encrypted. Therefore, it is more accurate to describe this attack as destructive than as ransomware.”
NotPetya was designed to spread rapidly, via trusted networks rather than over the Internet. To do that, it used the EternalBlue and EternalRomance exploits, which the Shadow Brokers group released in early 2017.
“The ransom note instructed victims to make payments to a single Bitcoin wallet with confirmation that they had paid. However, flaws in the payment process quickly became apparent as the ransom note did not display a ‘personal identification ID’ which would enable the attacker to know whose data to decrypt and the payment collection infrastructure was quickly taken down by the attacker’s email provider,” the NCSC pointed out.
“Several indicators seen by the NCSC demonstrated a high level of planning, research, and technical capability.”
Lord Tariq Ahmad of Wimbledon, Minister of State for the Commonwealth and the United Nations at the Foreign and Commonwealth Office (FCO), said that the attack showed a continued disregard for Ukrainian sovereignty.
Primary targets were Ukrainian financial, energy and government sectors, he said, but its indiscriminate design caused it to spread further and affect other European and Russian business. It ended up costing organisations across Europe hundreds of millions of pounds.
“The United Kingdom is identifying, pursuing and responding to malicious cyber activity regardless of where it originates, imposing costs on those who would seek to do us harm. We are committed to strengthening coordinated international efforts to uphold a free, open, peaceful and secure cyberspace,” he added.
“The decision to publicly attribute this incident underlines the fact that the UK and its allies will not tolerate malicious cyber activity,” the Foreign and Commonwealth Office concluded.
Lord Ahmad has called upon Russia to be a “responsible member of the international community it claims to be rather than secretly trying to undermine it.”
The UK government’s action was commented by Kremlin spokesman Dmitry Peskov, who says that Russia dismisses the accusations and considers them unsubstantiated and groundless.
“It’s not more than a continuation of the Russophobic campaign which is not based on any evidence,” he added.