UK, US Governments Attribute NotPetya Attack To Russian Military

According to the UK and U.S. governments, the Russian military launched the NotPetya attack last June, causing billions of dollars in damage in multiple countries, in an effort to destabilize Ukraine.

NotPetya’s Devastating Attack

The NotPetya malware got its name because it was built from a variant of another strain of malware called Petya. Initially, security experts thought it was the same Petya attack they had seen before, because the two malware strains shared much of their code. The original Petya developer eventually had to release the master key to the existing Petya malware just to prove he or his group were not behind the NotPetya attack.

NotPetya was disguised as ransomware, perhaps to make everyone believe that the people behind it were just another cyber crime group trying to make money from ransomware. In reality, NotPetya’s goals were either to backdoor or destroy Ukraine’s IT infrastructure.

The malware was able to infect over 2,000 Ukrainian companies, including Maersk, one of the largest shipping companies. Maersk alone lost almost $300 million having to overhaul its IT infrastructure following the attack. NotPetya also spread to other countries in Europe, Asia, and the Americas, leading to total damages of over $1.2 billion.

Russian Military Behind NotPetya

Both the UK government and the U.S. White House released statements attributing the NotPetya attack to the Russian military.

The White House statement included the following comments:

In June 2017, the Russian military launched the most destructive and costly cyber-attack in history. The attack, dubbed “NotPetya,” quickly spread worldwide, causing billions of dollars in damage across Europe, Asia, and the Americas. It was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict. This was also a reckless and indiscriminate cyber-attack that will be met with international consequences.

The UK Foreign Office Minister for Cyber Security Lord (Tariq) Ahmad of Wimbledon said:

The UK Government judges that the Russian Government, specifically the Russian military, was responsible for the destructive NotPetya cyber-attack of June 2017. The Kremlin has positioned Russia in direct opposition to the West yet it doesn’t have to be that way. We call upon Russia to be the responsible member of the international community it claims to be rather than secretly trying to undermine it.

Russia Denies The Allegations

Russia responded in a comment to the BBC, saying the claims were “groundless” because NotPetya also affected some Russian companies. Of course, a sophisticated nation-state actor would probably try to hide its tracks as much as possible, which could include infecting some of its own organizations.

Alternatively, the NotPetya malware could have spread automatically to some Russian organizations, as it did in other countries. Therefore, the fact that some Russian organizations were also infected doesn’t necessarily absolve the Russian government of guilt.

Attribution is difficult in cyberspace because attackers can use all sorts of tricks to pretend to be someone else, including using code from other malware, posing as run-of-the-mill malware (both things NotPetya has already done), infecting allies, launching the attack from different regions or even from within the networks of other cyber crime groups, and the list goes on.

Presumably the UK and U.S. governments would not have made these allegations against another nuclear superpower lightly, or without being quite certain that they were true.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • estebanpacheco
    The always reliable and trustable US and UK governments. Like those two have ever got us into trouble due to their "creativity" license aka lies. It's appalling someone still drinks that Kool Aid.
  • coolitic
    Remember when the CIA was caught disguising itself as Kaspersky? Not saying "the Russians TM" definitely didn't do this, but I just treat most of these stories with extreme skepticism.
  • Dark Lord of Tech
    Like Russia is the only place doing this...NOT!
  • arthurdehls
    "The Kremlin has positioned Russia in direct opposition to the West yet it doesn’t have to be that way. We call upon Russia to be the responsible member of the international community it claims to be rather than secretly trying to undermine it."

    Riiiiiight.... so will you be withdrawing all those NATO troops from their borders?
    Still not buying your war.
  • berezini.2013
    Kaspersky doesn't have antivirus against those malwares at the time it was released leaving Russian government and the biggest country in the world just as much at risk as any others in the world. USA is behind the attack and paid UK for the false vote.
  • AgentLozen
    This Thread said:
    It's appalling someone still drinks that Kool Aid.

    USA is behind the attack and paid UK for the false vote.

    It's good to be skeptical about this sort of news. It shows that you're relying on your experiences to help interpret the situation. However, even if you don't believe the United States, any finger pointing you do is just speculation. There isn't any evidence that shows that the west was behind this attack (as far as this article goes).
  • Giroro
    I look forward to reading all the Russia-funded anti-west astroturf propaganda in the comments section of every single news story on this issue.

    It's not as funny as the badly translated comments that North Korea cranks out since Russia is better at English... but still pretty funny.

    "Remember when the CIA was caught disguising itself as Kaspersky? "

    No.. I don't remember that. But I do remember how the CIA and the Department of Homeland Security (and also the UK) recently banned use of Kaspersky because they believe the Russian Government is using it as spyware... and also probably because it was never particularly good software.
  • littleleo
    20718179 said:
    "The Kremlin has positioned Russia in direct opposition to the West yet it doesn’t have to be that way. We call upon Russia to be the responsible member of the international community it claims to be rather than secretly trying to undermine it."

    Riiiiiight.... so will you be withdrawing all those NATO troops from their borders?
    Still not buying your war.
    Repeat after me comrade "Putin is a pussy & a jackass".
  • littleleo
    20723020 said:
    I look forward to reading all the Russia-funded anti-west astroturf propaganda in the comments section of every single news story on this issue.

    It's not as funny as the badly translated comments that North Korea cranks out since Russia is better at English... but still pretty funny.

    "Remember when the CIA was caught disguising itself as Kaspersky? "

    No.. I don't remember that. But I do remember how the CIA and the Department of Homeland Security (and also the UK) recently banned use of Kaspersky because they believe the Russian Government is using it as spyware... and also probably because it was never particularly good software.
    Tried Kaspersky last year and my whole system ran horribly, got rid of it and all runs much better & faster.
  • littleleo
    20714123 said:
    The always reliable and trustable US and UK governments. Like those two have ever got us into trouble due to their "creativity" license aka lies. It's appalling someone still drinks that Kool Aid.
    Repeat after me comrade "Putin is a pussy & a jackass".