Feb 15, 2018 - World

White House confirms NotPetya malware was Russian military operation


NotPetya installed on a laptop. Donat Sorokin / Getty

Hours after the U.K. publicly attributed the NotPetya malware to the Russian military, the White House confirmed that Russia was behind the attack.

Why it matters: The White House has been loath to speak ill of Russia under any circumstance. NotPetya was a global disaster. The shipping giant Maersk alone lost $300 million in the incident, with ports closed worldwide. Government computers in several countries were hit, as well as American firms like the food giant Mondelez. But the malware did 80% of its damage in Ukraine, according to the cybersecurity firm ESET.

What they're saying: "In June 2017, the Russian military launched the most destructive and costly cyber-attack in history," Press Secretary Sarah Huckabee Sanders wrote in a statement to reporters Thursday afternoon. The attack "was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict. This was also a reckless and indiscriminate cyber-attack that will be met with international consequences."

The details: Hackers affixed NotPetya to an update of the Ukrainian accounting software M.E.Doc in June, 2017. It was meant to look like ransomware, a program that encrypted files across the network of any computer it infected, but the program was intentionally designed not to be able to decrypt files even if a victim paid a ransom.

The intrigue: White House attributions of cyber events used to be rare because openly acknowledging a foreign actor was geopolitically risky and seemed to demand a response. President Obama only attributed three campaigns to foreign actors - Russia's attack in the 2016 election, Iranian hackers targeting banks and Chinese hackers stealing intellectual property for Chinese companies. In only about a year, Trump has nearly tied the score.

The big picture: NotPetya was the second of two ransomware or ransomware-like attacks the Trump government has attributed to a foreign nation. The White House attributed WannaCry, a similarly pandemic attack only weeks before NotPetya, to North Korea. In both cases the attribution came after the U.K. initiated.

Go deeper