UK government officials have publicly attributed the NotPetya malware attacks of June 2017 to actors in the Russian government. Foreign Office Minister Lord Ahmad made his thoughts known in a statement released on 15 February:
The UK Government judges that the Russian Government, specifically the Russian military, was responsible for the destructive NotPetya cyber-attack of June 2017. The attack showed a continued disregard for Ukrainian sovereignty. Its reckless release disrupted organisations across Europe costing hundreds of millions of pounds.
The National Cyber Security Centre arrived at a similar conclusion the same day.
The UK Foreign and Commonwealth Office (Source: NixonMcInnes) On 27 June 2017, actors abused the MeDoc accounting software to push out a malicious update containing NotPetya. From those initial victims, the wiper malware spread to other machines using EternalBlue, the same Windows exploit leveraged by WannaCry for distribution a month earlier. Organizations in Ukraine's financial, energy, and government sectors were among the hardest hit. Even so, other companies reported significant losses from the outbreak. Maersk said it replaced 45,000 PCs, 4,000 servers, and 2,500 applications following the attack, a response which cost the Danish shipping giant approximately $300 million. FedEx confirmed a comparable amount in lost business and cleanup costs. For its part, the Russian government has "categorically denied the accusations" of the UK government, with President Vladimir Putin spokesman Dmitry Peskov calling them a "continuation of the Russophobic campaign." It's those types of responses from Russia that are the problem, Lord Ahmad feels:
The Kremlin has positioned Russia in direct opposition to the West yet it doesn’t have to be that way. We call upon Russia to be the responsible member of the international community it claims to be rather then secretly trying to undermine it.
In the meantime, he says the the United Kingdom will remain committed to "identifying, pursuing and responding to malicious cyber activity regardless of where it originates, imposing costs on those who would seek to do us harm" and "strengthening coordinated international efforts to uphold a free, open, peaceful and secure cyberspace."
