
The United States has imposed sanctions against Russian entities for the NotPetya ransomware outbreak, cyber-attacks on the US power grid, and attempts to influence the 2016 US presidential election process.

The sanctions were announced earlier today in a press release by the US Department of the Treasury’s Office of Foreign Assets Control (OFAC).

The US Treasury has named five entities and 19 individuals in its press release. The name at the top of the sanctions list is the Internet Research Agency LLC (IRA), a so-called "troll farm" operated out of Sankt Petersburg, involved with the proliferation of fake news and the creation of several controversial organizations that attempted to sway the outcome of the 2016 US election.

US administration takes action following Dragonfly attacks

The list includes mainly individuals and organizations lending support to IRA, but also some high-ranking officials in Russia's Federal Security Service (FSB) and Main Intelligence Directorate (GRU), believed to be involved with the NotPetya ransomware outbreak and the cyber-attacks on the US energy sector.

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) issued a joint alert through the US-CERT website detailing the attacks on the US power grid.

DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).

This joint statement includes indicators of compromise (IOCs) that tie the cyber-attacks on the US power grid to a cyber-espionage group known as Dragonfly, detailed in a Symantec report in September 2017.

US: NotPetya was the most costly cyber-attack in history

The US Treasury also blamed Russia for the NotPetya outbreak, which it called "the most destructive and costly cyber-attack in history."

The attack resulted in billions of dollars in damage across Europe, Asia, and the United States, and significantly disrupted global shipping, trade, and the production of medicines. Additionally, several hospitals in the United States were unable to create electronic records for more than a week.

The White House officially blamed Russia for deploying the NotPetya ransomware on February 15. The UK, Australia, Canada, and New Zealand, all members of the Five Eyes intelligence-sharing organization, put out similar statements at the time.

To date, the Treasury has sanctioned more than 100 individuals and entities connected with Russia, involved in cyber-attacks, election meddling, or Russia's invasion of Ukraine's Crimea region.

The US had previously ejected 35 Russian diplomats in December 2016, as a response to Russia's election meddling.

"As a result of today’s action, all property and interests in property of the designated persons subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them," the US Treasury said.

"The recent use of a military-grade nerve agent in an attempt to murder two UK citizens further demonstrates the reckless and irresponsible conduct of [the Russian] government."
