UK Government: Moscow Responsible for NotPetya

UK Government: Moscow Responsible for NotPetya

The UK government has taken the rare step of attributing a major cyber attack to a foreign administration, claiming the NotPetya ransomware campaign of 2017 was a Russian military effort.

“The attack showed a continued disregard for Ukrainian sovereignty. Its reckless release disrupted organisations across Europe costing hundreds of millions of pounds,” read a statement from Foreign Office cybersecurity minister, Tariq Ahmad.

“The Kremlin has positioned Russia in direct opposition to the West yet it doesn’t have to be that way. We call upon Russia to be the responsible member of the international community it claims to be rather then secretly trying to undermine it.”

The attack, in June 2017, is thought to have been a sophisticated operation that began by infecting popular Ukrainian accounting software ME Docs. Once downloaded by Ukrainian government agencies and critical infrastructure firms, the update then spread the infection.

It has been claimed that the ransom element of the malware was simply a cover for what was essentially a destructive malware attack designed to encrypt the hard disc of infected machines with no way to unlock them.

It spread via the NSA-developed EternalBlue and EternalRomance exploits but also via other techniques, such as using legitimate tools PSExec and WMIC.

Although originally intended to target only Ukrainian organizations, multi-nationals with offices in the country that were infected ended up spreading the malware globally.

Some organizations suffered losses in the hundreds of millions as a result, including shipper Maersk ($300m), FedEx subsidiary TNT ($300m) and UK Nurofen-maker Reckitt Benckiser (£100m).

This isn’t the first time the UK government has publicly named-and-shamed Moscow.

Both Prime Minister Theresa May and National Cyber Security Centre (NCSC) boss Ciaran Martin have called out the Russian government for attacking the UK’s critical infrastructure.

"The United Kingdom is identifying, pursuing and responding to malicious cyber activity regardless of where it originates, imposing costs on those who would seek to do us harm,” concluded Ahmad’s statement. “We are committed to strengthening coordinated international efforts to uphold a free, open, peaceful and secure cyber-space.”

Source: Information Security Magazine