After months of conducting its due diligence, the U.S. government on Thursday attributed Russia’s military with a cyber-attack last summer that masqueraded as ransomware but in reality was meant to wipe clean infected computers worldwide and ended up costing companies and organizations billions of dollars in damage.
The White House press office issued a statement attributing the June 2017 NotPetya attack to the Russian military, saying it was “the most destructive and costly cyber-attack in history.”
The White House statement followed a similar announcement by the United Kingdom Foreign Office on Wednesday. The statements were supposed to be issued simultaneously but the U.S. delayed its announcement out of respect for the victims in a mass shooting incident at a Florida high school on Wednesday, a spokesman for the White House National Security Council told Defense Daily.
The initial target vector for the attack was Ukraine, which the Russian government has sought to destabilize through cyber and physical attacks.
“The attack, dubbed ‘NotPetya,’ quickly spread worldwide, causing billions of dollars in damage across Europe, Asia, and the Americas,” the White House statement says. “It was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict. This was also a reckless and indiscriminate cyber-attack that will be met with international consequences.”
From the Ukraine, the computer virus spread to organizations in other countries, including the drug maker Merck [MRK] in the U.S. and global shipping giant Maersk.
Ukrainian authorities last June, less than two weeks after the cyber-attack, attributed the virus to the Russian military. The NSC spokesman said the U.S. waited until completing a thorough review of the virus and its attributes through coordination with interagency and allied partners before blaming the Russian military.
The Trump administration is sorting out deterrence policies for cyber-attacks but so far hasn’t disclosed a specific policy. Tom Bossert, assistant to the president for Homeland Security and Counterterrorism, said last September that the administration will likely use traditional means to deter bad behavior in cyberspace rather than resort to offensive cyber operations (Defense Daily, Sept. 6, 2017).
The U.K. statement says “The decision to publicly attribute this incident underlines the fact that the U.K. and its allies will not tolerate malicious cyber activity.”
The NotPetya attack came a month after the WannaCry ransomware virus that targeted computers using the Microsoft [MSFT] Windows operating system. The U.S. and other countries last December blamed North Korea for that attack.