show image

Oscar Williams

News editor

The UK government has vowed to make Russia pay for the NotPetya cyber attack

The UK government has vowed to make Russia pay for the NotPetya ransomware attack that crippled critical infrastructure across Europe last year.

The defence secretary Gavin Williamson accused the Russian government of “ripping up the rulebook” by “undermining democracy” and “wrecking livelihoods” by targeting critical service providers.

Lord Tariq Ahmad, the Foreign Office minister for cyber security, added: “The United Kingdom is identifying, pursuing and responding to malicious cyber activity regardless of where it originates, imposing costs on those who would seek to do us harm.”

NotPetya paralysed dozens of organisations across Europe in June, including Ukraine’s central government and national bank, British advertising giant WPP and German manufacturers, among others.

Governments have historically shied away from publicly attributing state-sponsored cyber attacks. But Williamson’s intervention marks the second time the UK has done so in the last 12 months alone.

The Foreign Office said in a statement that the decision to name Russia “underlines the fact that the UK and its allies will not tolerate malicious cyber activity”.

In June, GCHQ’s public-facing wing, the National Cyber Security Centre, linked North Korea to the WannaCry virus that paralysed parts of the NHS and thousands more organisations in May.

The intelligence agency’s investigation corroborated the findings of America’s National Security Agency (NSA), which traced the ransomware back to the North Korean Lazarus Group.

NotPetya was named the most devastating ransomware attack of the year by Webroot researchers, who said they positioned the strike above WannaCry because it targeted infrastructure.

Williamson said the attack showed the world has “entered a new era of warfare, witnessing a destructive and deadly mix of conventional military might and malicious cyber-attacks”.

“We must be primed and ready to tackle these stark and intensifying threats,” he added.

Philip Hammond confirmed in 2016 that GCHQ was developing tools to retaliate against cyber attacks: “If we do not have the ability to respond in cyberspace to an attack which takes down our power network – leaving us in darkness or hits our air traffic control system grounding our planes – we would be left with the impossible choice of turning the other cheek, ignoring the devastating consequences, or resorting to a military response.”