The British government, through Tariq Ahmed, Secretary of State for Foreign Affairs, has attributed the NotPetya attacks to the Russian government. Ahmed says this based on conclusions from a British internet security service.
According to Ahmed, the Russian Defense Department was responsible for the NotPetya malware distributed in June 2017. He said the malware’s purpose was to disrupt certain sectors of society, with Ahmed citing Ukraine’s financial, energy and government sectors as prime targets.
Ahmed makes these statements based on security experts from the British National Cyber Security Centre. According to this service, the Russian military was ‘almost certainly’ responsible for the NotPetya attacks. Further substantiation for this conclusion has not been disclosed.
In July 2017, the Ukrainian government also pointed the finger of blame at Russia. The Ukrainian secret service was convinced that the perpetrators are the same hackers who attacked the country’s electricity grid in December 2016. This connection was also made by security firm ESET.
The NotPetya malware was mainly distributed through the accounting software MeDoc from the Ukrainian company Intellect Service. At first it appeared to be the Petya ransomware, but later it turned out that only parts of the code had been reused. This is how the name NotPetya was born. According to several researchers, the malware was not intended as ransomware, but as a means to cause as much damage as possible. According to Microsoft, NotPetya affected less than 20,000 systems, 70 percent of which were in Ukraine.