The UK government has publicly accused the Russian military of carrying out the malicious NotPetya ransomware attack that spread across Europe last year.
Publicly accusing Russia of carrying out the NotPetya ransomware attack is an unusual step for the British government to take. The attack began in June, initially targeting Ukraine before spreading across Europe to France, Germany, Italy and the UK, among others.
Recent estimates suggest that the attack cost the companies affected upwards of $1.2bn (~€960m). These companies included Ukrainian Railways, Ukrtelecom, Reckitt Benckiser, TNT Express, and Mondelez International. More than 80% of the affected companies were based in Ukraine, and Germany was the second hardest hit with around 9% of companies based there.
What did the government say?
The UK’s Defence Secretary, Gavin Williamson, said that the NotPetya ransomware attack represented the beginning of “a new era of warfare, witnessing a destructive and deadly mix of conventional military might and malicious cyber attacks”.
He warned that Russia is engaged in efforts to undermine the international community, and that new defensive measures will be needed to help UK businesses avoid future attacks: “Russia is ripping up the rule book by undermining democracy, wrecking livelihoods by targeting critical infrastructure, and weaponising information”.
He added: “We must be primed and ready to tackle these stark and intensifying threats”. Williamson has previously warned that Russia is capable of attacking the UK’s critical infrastructure, and that it could cause “thousands and thousands” of deaths if it did so.
Last November, UK Prime Minister Theresa May also asserted that Russian President Vladimir Putin was responsible for attempting to influence elections and engaging in cyber warfare in Western countries.
Ukraine’s Secretary of National Security, Oleksandr Turchynov, has already claimed Russian involvement in the attack, and NATO Secretary General Jens Stoltenberg promised to increase the organisation’s support for Ukrainian cybersecurity, to prevent future such attacks.
