Following form with a finding by the government of the United Kingdom, the White House issued a statement formally blaming Russia’s military for unleashing NotPetya, the destructive “wiper” worm that spread across much of the world last June.
NotPetya, which at first appeared to be yet another crypto-ransomware attack similar to WannaCry, was instead designed to simply destroy data. There have been suggestions in the past that the malware was launched as part of a state-sponsored attack against Ukraine, likely by Russian attackers connected to the military. Multiple security research companies have, with relatively high confidence, previously attributed NotPetya to a Russia-based attacker.
But that’s different from governments formally stating attribution as fact. Today, the UK’s National Cyber Security Centre issued a report stating that “the Russian military was almost certainly responsible for the ‘NotPetya’ cyber attack of June 2017.” The UK’s Foreign Office Minister for Cyber Security, Lord Tariq Ahmad, said NotPetya “showed a continued disregard for Ukrainian sovereignty… Its reckless release disrupted organizations across Europe costing hundreds of millions of pounds. We call upon Russia to be the responsible member of the international community it claims to be, rather than secretly trying to undermine it.”