US: Russia's NotPetya the Most Destructive Cyberattack Ever

Both the US and the UK attributed last year’s NotPetya attack to the Russian military. The Trump administration said the attack would be met with "international consequences."

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
3 min read

UK officials say Russia was behind the NotPetya, aka GoldenEye, ransomware attack. 


The US and UK governments have attributed a massive ransomware attack from 2017 to the Russian military.

The NotPetya ransomware targeted companies in Ukraine, attacking its government, financial and energy institutions last June. It ended up causing collateral damage to global companies with offices in Ukraine, including Maersk, FedEx and Merck. The cyberattack ended up costing Maersk up to $300 million in lost revenue.

The Trump Administration released a statement on Thursday calling it the "most destructive and costly cyber-attack in history," noting that it caused billions of dollars of damage in Europe, Asia and the Americas.

The White House press secretary's office said the attack was part of the Kremlin's efforts to destabilize Ukraine, and added that there would be repercussions for the Russian military.

"This was also a reckless and indiscriminate cyber-attack that will be met with international consequences," a statement from the White House press secretary said. 

Cyberattacks have become the US government's greatest concern, as intelligence agencies note that these hacks have affected the world's politics and economy. At the Senate Intelligence committee's annual "Worldwide Threats" hearing on Tuesday, the Director of National Intelligence Dan Coats noted that cyberattacks are most likely to come from Russia, North Korea and China. 

The White House statement comes just a day after the UK government attributed the attack on the Russian military. Tariq Ahmad, the UK's foreign office minister for cybersecurity, said Russia's "reckless" attack showed a "continued disregard for Ukrainian sovereignty" and cost organizations across Europe hundreds of millions of pounds.

"The Kremlin has positioned Russia in direct opposition to the West, yet it doesn't have to be that way," said Tariq Ahmad, foreign office minister for cybersecurity. "We call upon Russia to be the responsible member of the international community it claims to be rather than secretly trying to undermine it."

The Ukraine government said it found evidence linking the attack to Russian hackers in July. UK officials also noted that the hackers used ransomware as a disguise for an attack clearly meant to destroy data and cause chaos.

"The malware was not designed to be decrypted. This meant that there was no means for victims to recover data once it had been encrypted. Therefore, it is more accurate to describe this attack as destructive than as ransomware," the UK's National Cyber Security Centre said in its statement.

This is only the second time the agency has attributed an attack to a nation-state. The first was when the NCSC attributed the WannaCry ransomware attack to North Korea

The NotPetya ransomware attack hit last June after the malware attached itself to MeDoc, Ukraine's most popular tax-filing software. From there, it spread to multi-billion-dollar organizations, which had branches in Ukraine. Like the WannaCry ransomware attack, it used stolen techniques from the National Security Agency to spread rapidly. 

The attack reached more than 200,000 computers around the world, even though it was only targeted toward Ukraine. Unlike normal ransomware, however, the NotPetya actually destroyed data, meaning that even if the victims paid the ransom, there was no way of recovering their system.

Updated at 1:12 p.m. PT: To include the White House's statements on NotPetya and at 1:41 p.m. PT: To add details on the NotPetya ransomware.