According to the UK and U.S. governments, the Russian military launched the NotPetya attack last June, causing billions of dollars in damage in multiple countries, in an effort to destabilize Ukraine.
NotPetya’s Devastating Attack
The NotPetya malware got its name because it was built out of a variant of another strain of malware called Petya. Initially, security experts thought it was the same Petya attack they’ve seen before, because the two malware strains shared much of the code. The original Petya developer eventually had to release the master key to the existing Petya malware just to prove he or his group were not behind the NotPetya attack.
NotPetya was disguised as ransomware, perhaps to make everyone believe that the people behind it are just another cyber crime group trying to make money from ransomware. In reality, NotPetya’s goals were either to backdoor or destroy the Ukraine IT infrastructure.
The malware was able to infect over 2,000 Ukrainian companies, including Maersk, one of the largest shipping companies. Maersk alone lost almost $300 million having to overhaul its IT infrastructure following the attack. However, NotPetya spread to other countries in Europe, Asia, and the Americas, too, leading to total damages of over $1.2 billion.
Russian Military Behind NotPetya
Both the UK government as well as the U.S. White House released statements attributing the NotPetya attack to the Russian military.
The White House statement included the following comments:
In June 2017, the Russian military launched the most destructive and costly cyber-attack in history.
The attack, dubbed “NotPetya,” quickly spread worldwide, causing billions of dollars in damage across Europe, Asia, and the Americas. It was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict. This was also a reckless and indiscriminate cyber-attack that will be met with international consequences.
The UK Foreign Office Minister for Cyber Security Lord (Tariq) Ahmad of Wimbledon said:
The UK Government judges that the Russian Government, specifically the Russian military, was responsible for the destructive NotPetya cyber-attack of June 2017.
The Kremlin has positioned Russia in direct opposition to the West yet it doesn’t have to be that way. We call upon Russia to be the responsible member of the international community it claims to be rather then secretly trying to undermine it.
Russia Denies The Allegations
Russia responded in a comment to the BBC, saying the claims were “groundless” because NotPetya also affected some Russian companies. Of course, a sophisticated nation state actor would probably try to hide its tracks as much as possible, which could include infecting some of its own organizations.
Alternatively, the NotPetya malware could have spread automatically to some Russian organizations, as it did in other countries. Therefore the fact that some organizations were also infected doesn’t necessarily absolve the Russian government of guilt.
Attribution is difficult in cyber space because the attackers can use all sorts of tricks to pretend to be someone else, including using code from other malware, pretending to be run-of-the-mill malware (both things NotPetya has already done), infecting allies, launching the attack from different regions or even from within the networks of other cyber crime groups, and the list goes on.
Presumably the UK and U.S. governments didn’t make these allegations lightly against another nuclear superpower, unless they were quite certain to be true.