U.S. Formally Accuses Russia of Launching NotPetya Ransomware Attack

The U.S., UK, Canada and Australia now say that the Russian military was responsible for the June 2017 NotPetya global cyber-attacks that caused hundreds of millions in damages.

When organizations in Ukraine first began reporting in June 2017 that they had been impacted by a ransomware attack known as NotPetya, there was early speculation that Russia was involved.

Now, seven months after the devastating NotPetya attack, which spread far beyond Ukraine to impact organizations around the world, governments including the U.S., U.K., Canada and Australia are formally accusing Russia of being behind the attack.

"In June 2017, the Russian military launched the most destructive and costly cyber-attack in history," the White House wrote in a Feb. 15 statement. "The attack, dubbed NotPetya, quickly spread worldwide, causing billions of dollars in damage across Europe, Asia, and the Americas."

Russian officials have repeatedly denied any involvement in the NotPetya incident. While the attack first impacted Ukraine, within a day it was already spreading to other countries. The U.S. Government alleged that Russia used the NotPetya attack to help de-stabilize Ukraine.

"It was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict," the White House stated. "This was also a reckless and indiscriminate cyber-attack that will be met with international consequences."

The White House statement came hours after a similar accusation from the United Kingdom's Foreign Office Minister.

"The UK Government judges that the Russian Government, specifically the Russian military, was responsible for the destructive NotPetya cyber-attack of June 2017," Foreign Office Minister for Cyber Security Lord Tariq Ahmad stated. "The attack showed a continued disregard for Ukrainian sovereignty. Its reckless release disrupted organizations across Europe costing hundreds of millions of pounds."

Greta Bossenmaier, Chief of the Canadian Security Establishment (CSE) agency, also blamed Russia for the NotPetya attack. She condemned the use of the malware, "…to indiscriminately attack critical financial, energy, government, and infrastructure sectors around the world in June 2017." The Australian government has made a similar statement attributing the NotPetya attack to Russia.

Cyber-Attack Based on EternalBlue Exploit

The attack made use of an exploit known as EternalBlue, which allegedly was created by the U.S. National Security Agency (NSA)-backed Equation Group and subsequently stolen by a group known as the Shadow Brokers. EternalBlue was patched by Microsoft in March 2017, though it wasn't patched by every end-user organization, which is what helped to enable the spread of ransomware attacks using multiple strains of the exploit.

The EternalBlue exploit was first widely used as part of the WannaCry attack in May 2017, which preceded the NotPetya ransomware attack.

While the U.S. and its allies blame Russia for NotPetya, the U.S. has formally accused North Korea of the WannaCry attack. In a December 2017 White House press conference, Homeland Security Advisor Tom Bossert laid out the U.S. government's case for North Korea's involvement in the WannaCry attack.

Financial Costs

Though the initial target of NotPetya was Ukraine, the attack had global financial impact on several multi-national companies, as the ransomware attack took aim at critical IT systems.

Pharmaceutical vendor Merck was among those impacted by NotPetya, reporting financial impact related to NotPetya to be up to $375 million. Delivery company FedEx's TNT business unit also suffered losses as a result of NotPetya, estimated at $300 million. Consumer products vendor Reckitt Benckiser estimated losses of approximately $100 million related to NotPetya, while snack maker Mondelez International had losses of approximately $150 million.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.