US, Britain blame Russia for 'NotPetya' ransomware attack

A file photo of a woman walking past an affected terminal, at main post office of Ukrainian State Enterprise of Posts 'Ukrposhta', after Ukrainian institutions were hit by a wave of cyber attacks day earlier, on June 28, 2017.
A file photo of a woman walking past an affected terminal, at main post office of Ukrainian State Enterprise of Posts 'Ukrposhta', after Ukrainian institutions were hit by a wave of cyber attacks day earlier, on June 28, 2017. PHOTO: EPA-EFE

WASHINGTON (AFP) - The United States and Britain on Thursday (Feb 15) blamed the Russian military for last year's devastating "NotPetya" ransomware attack, calling it a Kremlin effort to destabilise Ukraine which spun out of control.

Statements from Washington and London said Russia would face ramifications for the attacks that crippled computer networks in the United States and Europe, including those of some big corporations.

A White House statement, echoing one from Britain's Foreign Office hours earlier, pointed the finger at the Russian military for the June 2017 attack and called it "the most destructive and costly cyber attack in history", resulting in billions of dollars in economic losses.

"It was part of the Kremlin's ongoing effort to destabilise Ukraine," the US statement said.

The White House added that "NotPetya", which hit thousands of computer systems and caused damage across Europe, Asia, and the Americas, was a "reckless and indiscriminate cyber attack that will be met with international consequences".

Earlier in London, Foreign Office Minister for Cyber Security Tariq Ahmad said the British government decided to publicly attribute the blame, underscoring that Britain and its allies "will not tolerate malicious cyber activity".

"Primary targets were Ukrainian financial, energy and government sectors," the British statement said, adding that NotPetya's "indiscriminate design caused it to spread further, affecting other European and Russian business".

British Defence Secretary Gavin Williamson said the attack was further evidence of a "new era of warfare", with "a destructive and deadly mix of conventional military might and malicious cyber attacks". Russia "is ripping up the rule book by undermining democracy, wrecking livelihoods by targeting critical infrastructure and weaponising information," he said.

The accusation was immediately denied by the Kremlin.

"We categorically reject such accusations. We consider them unsubstantiated and groundless," Kremlin spokesman Dmitry Peskov told journalists.

"This is nothing but a continuation of a Russophobic campaign that is not based on any evidence," he said.

'More sophisticated attack'

The attack blocked thousands of computers worldwide, particularly affecting multinational companies and critical infrastructure, such as radiation monitors at the old Chernobyl nuclear power plant and the ports of Mumbai and Amsterdam.

Companies hit included the Russian oil group Rosneft, Danish shipping company Maersk, US pharmaceutical giant Merck, French construction specialist Saint-Gobain and the British advertising firm WPP.

Ukraine, which is battling Russia-backed rebels in a conflict that has killed more than 10,000 people, was the worst affected country.

Banking operations were compromised in what authorities said was an unprecedented attack, which even disrupted arrivals and departures informations at the capital's main Boryspil airport.

The virus, which demanded a payment worth US$300 (S$393) as it locked up files at companies and government agencies, was reminiscent of the WannaCry ransomware attack that swept the world a month earlier in May 2017, hitting more than 200,000 users in more than 150 countries.

Britain and the United States have blamed North Korea for the WannaCry attack, saying it may have been an attempt by the isolated communist regime to access foreign currency.

The NotPetya attack appeared smaller in scale, with global cybersecurity firm Kaspersky Lab estimating there were thousands of victims.

Comparing it to WannaCry, the director of European police agency Europol, Rob Wainwright, said at the time that NotPetya showed "indications of a more sophisticated attack capability intended to exploit a range of vulnerabilities."

Cyber-diplomatic tensions

The public accusations come amid rising tensions over Russia's cyber activities, amid fears of a disinformation effort led by Moscow aimed at disrupting the 2016 US election and stoking political divisions.

Social media automated accounts or "bots" believed to be directed from Moscow have been blamed for efforts to manipulate public opinion in the United States and elsewhere.

Some British politicians have accused Russia of attempts to disrupt the democratic process in Britain by online interference in political campaigns such as the 2016 Brexit referendum and a 2017 general election.

Speaking on Wednesday, John Chipman, director of the International Institute of Strategic Studies, said Russia was engaged in "capabilities beyond conventional military force that are easier to develop and deploy unaccountably". "There is still no effective response from the West either in the form of countermeasures or sanctions," he said.