NotPetya pre-boot ransom note

BREAKING— The UK has become the first major Western country to formally accuse the Russian military of orchestrating and launching the NotPetya ransomware outbreak.

"The UK Government judges that the Russian Government, specifically the Russian military, was responsible for the destructive NotPetya cyber-attack of June 2017," said Foreign Office Minister Lord Ahmad in a statement published online a few minutes ago.

"The attack showed a continued disregard for Ukrainian sovereignty. Its reckless release disrupted organisations across Europe costing hundreds of millions of pounds," Lord Ahmad added.

"The Kremlin has positioned Russia in direct opposition to the West yet it doesn’t have to be that way," Lord Ahmad also said. "We call upon Russia to be the responsible member of the international community it claims to be rather then secretly trying to undermine it."

GRU operatives most likely behind the attack

The UK Foreign Office Minister did not specifically point the finger at any specific entity of the Russian military, but a Washington Post article citing CIA sources published in mid-January pegged the Russian Military's Main Intelligence Directorate (abbreviated GRU) as the one department that created NotPetya.

A report authored by the Estonian Foreign Intelligence Service claims that the GRU military spy agency is also behind APT28, a cyber-espionage unit also known as Fancy Bear, responsible for hacks all over the world, including the infamous DNC hack.

Ukraine's Secret Service (SBY) has not been shy about blaming Russia for the NotPetya ransomware incident, going public with their accusations just days after the incident.

On the other hand, US officials did not make any official comments in regards to NotPetya attribution. They did blame North Korea for the WannaCry outbreak, though, and so did the UK.

UK: Russian military was "almost certainly" behind NotPetya

Lord Ahmad's statement was also accompanied by a note from the UK's National Cyber Security Centre which said it "assesses that the Russian military was almost certainly responsible for the destructive NotPetya cyber-attack."

The NotPetya ransomware outbreak took place on June 27, 2017, and targeted mainly Ukrainian companies through a tainted update of a local accounting software. Unfortunately, NotPetya infections spread to other businesses across the world due to shared and interconnected networks.

NotPetya was followed by the Bad Rabbit ransomware outbreak on October 24, though less damaging, believed to be a modified version of NotPetya, and which many also suspect Russia may have had a hand in.

Related Articles:

The Week in Ransomware - October 12th 2018 - NotPetya, GandCrab, and More

The Week in Ransomware - November 9th 2018 - Mostly Dharma Variants

SEO Poisoning Campaign Targeting U.S. Midterm Election Keywords

The Week in Ransomware - November 2nd 2018 - RaaS, DiskCryptor, & More

New Ransomware using DiskCryptor With Custom Ransom Message