UK accuses Russia of 2017’s NotPetya ransomware attacks

The UK government has directly accused Russia of being behind the so called NotPetya ransomware attack last year — which quickly spread around the globe, including affecting businesses in Spain, France and India, demanding payment in Bitcoin to unlock infected machines. The malware initially appeared targeted at Ukrainian networks.

“We have entered a new era of warfare, witnessing a destructive and deadly mix of conventional military might and malicious cyber-attacks,” UK defense secretary Gavin Williamson is quoted as saying (via The Guardian). “Russia is ripping up the rulebook by undermining democracy, wrecking livelihoods by targeting critical infrastructure and weaponising information… We must be primed and ready to tackle these stark and intensifying threats.”

Update: The US government has also since made a statement blaming Russia for the cyber attack. White House press secretary, Sarah Sanders, described it as “part of the Kremlin’s ongoing effort to destabilise Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict”.

Russia has made various military incursions into Ukrainian territory since 2014, when it annexed Crimea. Ukraine has also suffered a sustained cyberwarfare campaign apparently waged by Kremlin agents — though of course Russia denies all charges — including, in 2015, a cyber attack against the local energy grid that temporarily disrupted electricity supplies in the depths of winter.

Russia has denied Williamson’s latest charge too — as it also did last year, when the UK prime minister directly accused Vladimir Putin of seeking to weaponize information in order to sew social division and influence elections in the West, via the medium of fake news posted to social media platforms.

“We categorically dismiss such accusations; we consider them unsubstantiated and groundless. It’s not more than a continuation of the Russophobic campaign which is not based on any evidence,” a Kremlin spokesman, Dmitry Peskov, told the BBC in response to the NotPetya charge.

The UK’s foreign office backed up Williamson’s remarks, with minister Lord Ahmad saying in a statement (via Reuters): “The decision to publicly attribute this incident underlines the fact that the UK and its allies will not tolerate malicious cyber activity.

“The UK government judges that the Russian government, specifically the Russian military, was responsible for the destructive NotPetya cyber attack. Its reckless release disrupted organisations across Europe costing hundreds of millions of pounds. The Kremlin has positioned Russia in direct opposition to the West yet it doesn’t have to be that way.”

“We call upon Russia to be the responsible member of the international community it claims to be rather than secretly trying to undermine it,” he added.

While the NotPetya malware was initially thought to be a strain of the Petya ransomware it turned out to be a new variant that reused only some code. (Hence NotPetya.) It also included code known as Eternal Blue — which is widely believed to have been stolen from the NSA, as was the exploit that fueled last year’s WannaCry/WannaCrypt attack.

UK parliamentarians are also currently investigating the impact of Russian-backed Brexit meddling in the UK’s 2016 EU referendum, as part of a wider enquiry into fake news. And separately the UK Electoral Commission is also looking into digital campaigning activity funded by Russia during the referendum.

Last month the UK government announced plans to set up a dedicated national security unit to try to combat state-led disinformation campaigns.