NotPetya cyberattack ‘almost certainly’ Russia-sponsored: British government

The British government on Thursday officially blamed Russia for waging the so-called NotPetya cyberattack that infected computers across Ukraine last summer before spreading to systems in the U.S. and beyond.

“The U.K.’s National Cyber Security Centre assesses that the Russian military was almost certainly responsible for the destructive NotPetya cyberattack of June 2017,” the British government said in a statement. “Given the high confidence assessment and the broader context, the U.K. government has made the judgement that the Russian government – the Kremlin – was responsible for this cyberattack,” the statement said.

Russia “categorically denies the allegations,” President Vladimir Putin’s office responded Thursday.

“This is nothing more than a continuation of a Russophobic campaign that is without proof,” Kremlin spokesman Dmitry Peskov told journalists, Russian media reported.

The NotPeyta attack started when a malicious data encryption tool was surreptitiously inserted in legitimate software used within Ukraine’s government and financial sector, said the U.K. Foreign Office.

“Once an organization machine was infected, the highly crafted tool was designed to spread rapidly, in some cases overriding the Master Boot Record (MBR) on infected computers and displaying a ransom note asking for payment in Bitcoins. The malware spread via trusted networks, rather than widely over the internet. Therefore, it effectively bypassed the processes put in place to prevent ransomware attacks,” explained the U.K. National Cyber Security Centre.

While the malware first wreaked havoc across Kiev, however, it quickly spread and soon claimed victims abroad, including American shipping giant FedEx, Dutch competitor Maersk and Russia’s Rosneft, among others, ultimately causing hundreds of millions of dollars in related damages.

“The attack showed a continued disregard for Ukrainian sovereignty,” said Lord Tariq Ahmad, the U.K.’s foreign office minister for cybersecurity. “The Kremlin has positioned Russia in direct opposition to the West yet it doesn’t have to be that way. We call upon Russia to be the responsible member of the international community it claims to be rather then secretly trying to undermine it.”

The CIA concluded with “high confidence” in November that Russia was behind the NotPetya attack, The Washington Post reported last month, citing classified reports referenced by U.S. intelligence officials who discussed their findings on condition of anonymity. The CIA previously declined to comment.

Britain’s decision to formally blame Russia for NotPetya was coordinated with the U.S. and other countries, including some nations expected to make their own announcements in the near future, according to two sources familiar with the matter, Reuters reported.

NotPetya and WannaCry — a type of ransomware at the center of an international cyberattack launched weeks earlier — quickly spread from computer to computer by capitalizing on a Microsoft Windows exploit previously hoarded by the U.S. National Security Agency and leaked last year by a hacking outfit known as Shadow Brokers. The CIA has subsequently spent months secretly trying to retrieve its collecting of compromised cyberweapons, The Intercept and The New York Times reported last week, yielding an effort that allegedly resulted in paying $100,000 for previously leaked and publicly available hacking tools, according to the latter outlet.

The Trump administration previously attributed WannaCry to the North Korean government. Pyongyang has denied responsibility.

The Washington Times Comment Policy

The Washington Times is switching its third-party commenting system from Disqus to Spot.IM. You will need to either create an account with or if you wish to use your Disqus account look under the Conversation for the link “Have a Disqus Account?”. Please read our Comment Policy before commenting.