Russian Military on parade

What the UK Knows: Five Things That Link NotPetya to Russia

The UK’s Foreign Office Minister Lord Ahmad said that the UK Government believes Russia was responsible for the destructive NotPetya cyber-attack of June 2017. How can they be sure? We look at five, strong clues pointing back to the Kremlin.

The government of the United Kingdom has formally attributed the June 2017 NotPetya wiper attacks to the government of Russia, becoming just the latest government to do so.

In a statement issued Thursday, the UK’s Foreign Office Minister Lord Ahmad said that the UK Government “judges that the Russian Government, specifically the Russian military, was responsible for the destructive NotPetya cyber-attack of June 2017.” The Foreign Office Minister said the attack – directed at Ukraine – was “reckless” and disrupted organizations across Europe to the tune of hundreds of millions of British pounds.

Ukraine was by far the biggest victim of NotPetya, which also spilled into other countries including Russia, Italy, Germany and Netherlands. (Image courtesy of Kaspersky Lab.)

“The Kremlin has positioned Russia in direct opposition to the West yet it doesn’t have to be that way. We call upon Russia to be the responsible member of the international community it claims to be rather then secretly trying to undermine it,” the statement read.

[Read: “Is Russia rethinking its cyber offense?” ]

The UK is just the latest government to point the finger of blame towards The Kremlin for the June attacks, which infected an estimated 1 million computers globally.

Investigators in the Ukraine were the first to blame Russia for the attack, saying in July that it believed that country was responsible for the attack, which affected some 2,000 businesses in that country, alone. A compromise at M.E.Docs, a Ukraine based publisher of accounting software, was the avenue by which NotPetya initially spread. In January, the US Central Intelligence Agency (CIA) added its voice to the chorus, concluding with “high confidence” that the Russian Military’s GRU spy agency created NotPetya, according to public reports citing classified materials.

[You might also want to read: “Sour Patch: NotPetya’s Cleanup Cost to Mondelez Tops $80 million”]

How can they be sure? And what signs point back to Russia? While there is always an element of plausible deniability in cyber attacks (that’s one reason governments find them so enticing), much about the NotPetya wiper make it clear that it was a nation-backed attack and that Russia’s military was likely behind it. Here are five give aways: