UK government: Kremlin is responsible for NotPetya ransomware attack

British Foreign Office Minister accused Russia of massive NotPetya cyber attack in June 2017

The UK Government officially states that Russia is “almost certainly responsible”^[1] for NotPetya ransomware^[2] attack which hit European companies, organizations, and governments last year.

The UK Government judges that the Russian Government, specifically the Russian military, was responsible for the destructive NotPetya cyber-attack of June 2017. [Source: gov.uk]

In the press release published on the 15th of January, Foreign Office Minister Lord Ahmad attributes that ransomware attack was camouflaged to look like criminal activity. On the affected computers malware encrypted files and asked to pay the ransom. However, the real purpose of the attack was to disturb life in European countries, he says.

It’s clear that the attack was originally aimed at institutions in Ukraine to cause havoc and demonstrate Russia’s aggressive capabilities in cyberspace. However, ransomware was designed to spread further across Europe, including Russia itself.

Russia declined all previous accusations and had never admitted being responsible for one of the largest cyber attacks last year. The fact that Russian companies suffered from the attack was the main argument. However, it may have been just a clever trickery used by Kremlin’s hackers.

CIA reported that Russian military hackers are responsible for cyber attack in January

Earlier this year, the US Central Intelligence Agency (CIA) also attributed that NotPetya attack in Ukraine was held by Russian authorities.^[3] According to the CIA, it was a part of “hybrid warfare” which allowed Russia to expand its aggression from traditional military actions to cyberspace.

Reports tell that the purpose of ransomware attack was to disturb Ukraine’s financial system and whole daily life. Malware spread via compromised M.E.Doc accounting software update which is used by the majority of companies and organizations in Ukraine.

Therefore, malware easily infected Ukrainian ministries, radiation monitoring system at Chernobyl Nuclear Power Plant, banks, metro system, airports, railways, and other state-owned enterprises on the 27th of June 2017.

NotPetya attack cost millions for victims all over the world

Nevertheless, ransomware attack was aimed at Ukraine; more than 65 countries suffered from file-encrypting virus too. AP Moller-Maersk, FedEx, Mondelez International, Saint-Gobain, Merck, and many other who companies that counted millions of dollars financial loss due to the cyber attack.

The attack showed a continued disregard for Ukrainian sovereignty. Its reckless release disrupted organisations across Europe costing hundreds of millions of pounds. [Source: gov.uk]

For instance, shipping giant Maersk was one of the companies that experienced the biggest damage because of ransomware attack. According to media outlets, the attack cost about $250m and $300m for Maersk. Fortunately, the company managed to rebuilt 4.000 servers, 45.000 computers, and 2.500 applications.^[4] However, no one will cover the financial loss.

The UK government explains its decision to accuse Kremlin of being responsible for ransomware attack by stressing out that country and its allies “will not tolerate malicious cyber activity.” However, according to the latest information from Reuters, Russia “categorically denies” these allegations.^[5]