The U.S. and U.K. have taken the unusual step of attributing last year’s massive “NotPetya” cyberattack to Russia.
The White House warned of “international consequences” and the British Foreign Office said we have “entered a new era of warfare.”
Here’s what you need to know to get up to speed with the situation, and to understand what those consequences might entail.
Not-what?
Starting in 2016, a nasty strain of “ransomware” spread around the world, making people’s data inaccessible and demanding a cryptocurrency ransom for the restoration of access. This ransomware (which did its thing around the same time as a similar strain called WannaCry) was known as Petya.
Then came another piece of malware that at first appeared to also be ransomware. This virus, known as NotPetya, seemed to be based on Petya. However, it differed in crucial ways that made it much nastier.
Unlike Petya, NotPetya was able to spread on its own—no need for people to mess up by clicking on dodgy email links. And it didn’t merely encrypt victims’ data; it essentially destroyed it. This wasn’t ransomware, but a weapon.
So who was the target?
NotPetya did most of its damage in mid-2017, primarily hitting state and private-sector organizations and companies in Ukraine (including, worryingly, radiation monitors at Chernobyl). However, it also spread across Europe, the U.S., Australia, and Russia.
The Ukrainian Security Service said Russia was to blame—its neighbor, after all, has long been on a mission to destabilize the Ukrainian regime. Russia denied it, noting that Russian computers were also infected.
Whatever the case, the attack caused billions in damage. Just one of the victims, the shipping giant Maersk, said it had to spend up to $300 million replacing tens of thousands of PCs and servers.
What’s changed?
This week the U.K., then the U.S., officially attributed the attack to Russia and vaguely threatened retaliation.
“We have entered a new era of warfare, witnessing a destructive and deadly mix of conventional military might and malicious cyberattacks,” said British defense secretary Gavin Williamson. “Russia is ripping up the rulebook by undermining democracy, wrecking livelihoods by targeting critical infrastructure and weaponizing information…We must be primed and ready to tackle these stark and intensifying threats.”
White House press secretary Sarah Sanders, meanwhile, described NotPetya as “the most destructive and costly cyberattack in history.”
“It was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict. This was also a reckless and indiscriminate cyberattack that will be met with international consequences,” Sanders said.
Here’s the reaction from Kremlin spokesman Dmitry Peskov: “We categorically reject such accusations. We consider them unsubstantiated and groundless. This is nothing but a continuation of a Russophobic campaign that is not based on any evidence.”
What will the consequences be?
That’s extremely hard to predict.
The British and American statements are unusual in that it’s usually difficult to accurately attribute the source of cyberattacks. The countries’ intelligence services must be fairly sure of their information in order to make their conclusions public like this. So the statements most likely serve as a “We’re onto you” warning.
Does the Russian military care, though?
The issue here is that nobody wants a full-blown cyber-war—because everyone is highly vulnerable. The Internet’s borderless nature makes it extremely difficult to cut off access to the connected systems that attackers would use to do their work.
Russia is certainly cognizant of this fact, and has occasionally made (not very well thought-through) noises about setting up its own internet infrastructure, in order to mitigate the threat posed by western states to Russian websites.
Websites are not the biggest worry, though. Far more alarming is the fact that many critical infrastructure systems—power grids and dams, for example—are connected to the Internet. The rise of the “Internet of Things” also means more devices are connected to the Internet than ever before, and are therefore potentially vulnerable.
As has been argued before, Russia’s Ukrainian shenanigans could provide a template for future conflagrations: crashed power grids; paralyzed airports and subways.
The trick now is to stop the spread of such tactics without overly provoking the aggressors. And the current strategy to achieve that appears to be the presentation of a united front—Sanders’ “international consequences” reference—and a plea to Russia’s better angels.
As U.K. foreign minister Tariq Ahmad put it: “The Kremlin has positioned Russia in direct opposition to the West, yet it doesn’t have to be that way. We call upon Russia to be the responsible member of the international community it claims to be rather than secretly trying to undermine it.”