White House pins ‘reckless’ cyberattack on Russia

By Blake Sobczak | 02/16/2018 07:20 AM EST

The Trump administration has blamed the Russian military for a global cyberattack that caused billions of dollars in damages last year.

The Trump administration has blamed the Russian military for a global cyberattack that caused billions of dollars in damages last year.

The White House called the "NotPetya" ransomware outbreak "the most destructive and costly cyber-attack in history" in a statement yesterday.

"[NotPetya] was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict," the statement said. "This was also a reckless and indiscriminate cyber-attack that will be met with international consequences."


The sharply worded press release came on the heels of a similar announcement from the United Kingdom, where intelligence analysts assessed that "the Russian military was almost certainly responsible" for NotPetya.

Kremlin spokesman Dmitry Peskov rejected those findings in a statement to the Tass official news agency, calling claims linking NotPetya to Russia "nothing more than the continuation of the Russophobic campaign lacking any evidence."

The NotPetya infection started in Ukraine last June, when the malware hitched a ride into victims’ computers via accounting software from the company M.E.Doc. By also taking advantage of a flaw in a Windows messaging protocol, NotPetya spread rapidly across organizations in Europe, Asia and the U.S.

The malicious software locked up victims’ computer files and demanded a ransom payment to restore them. But NotPetya overwrote computers’ master boot records, making restoration all but impossible in most cases. Anyone who tried to pay the $300 ransom would still be at a loss, leaving cybersecurity experts to conclude that the hackers wanted to wreak havoc rather than make money (Energywire, June 30, 2017).

One of the hardest-hit companies, Danish shipping giant A.P. Moller-Maersk Group, reported $300 million in losses from the ransomware attack, and IT specialists there had to replace thousands of computers before the conglomerate could return to normal operations. Thomas Rid, professor of strategic studies at Johns Hopkins University School of Advanced International Studies, has labeled NotPetya "the most devastating cyber attack to date, ever."

Several cybersecurity firms, including FireEye Inc., linked NotPetya’s authors to the same suspected Russian hackers who attacked parts of Ukraine’s power grid in 2015 and again in 2016 (Energywire, July 25, 2017).

But yesterday’s White House announcement is noteworthy, experts say, particularly given President Trump’s reticence to blame Russia for hacking and misinformation campaigns targeting the 2016 U.S. presidential election.

In December, White House officials pinned a separate ransomware attack dubbed WannaCry on the North Korean government, marking one of this administration’s first forays into the murky world of attributing cyberattacks (Energywire, Dec. 19, 2017).

"Cyberattacks are still rare enough that anytime a nation directly attributes an attack to another nation — that’s interesting," said Ben Buchanan, a postdoctoral fellow at the Harvard Kennedy School’s Belfer Center and author of "The Cybersecurity Dilemma." "The question then becomes: what next? If attribution is not followed by a response, does it have meaning?"

It’s not clear what "international consequences" could be in store for the Russian government following the U.S. and U.K.’s warnings. Under an executive order dating back to the Obama administration and extended under Trump, White House officials could opt to sanction specific individuals tied to malicious behavior in cyberspace, though that specific policy tool has rarely been used in practice (Energywire, April 2, 2015).

"The challenge in cyber operations is not always attributing them, but figuring out what to do about them once they’re attributed," said Buchanan. "That’s particularly true when the attacks are below the threshold of armed conflict."