In the wake of last week’s massive Petya ransomware attack in Eastern Europe, researchers are reaching consensus that the incident was a politically-motivated cyberattack. According to CNBC, the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) recently put out a statement claiming that the attack was like done by a state actor or a group with state approval. The development means that the cyberattack could be viewed as an act of war, triggering Article 5 of the Washington Treaty and compelling NATO allies to respond.
“As important government systems have been targeted, then in case the operation is attributed to a state this could count as a violation of sovereignty,” wrote Tomáš Minárik, a researcher at the CCD COE law branch, in the release. “Consequently, this could be an internationally wrongful act, which might give the targeted states several options to respond with countermeasures.”
The statement puts the CCD COE, a NATO-sponsored cybersecurity research center based in Estonia, in agreement with researchers poring over the details of the attack. The Petya virus was seemingly aimed at central Ukrainian institutions instead of a broad array of ransom targets, and Ukraine bore the brunt of the attack. That fact, along with the basic errors that make ransom seem like a poor reason for a campaign of this scale and complexity, makes it looks like cyber criminals were not the culprits.
“The operation was not too complex, but still complex and expensive enough to have been prepared and executed by unaffiliated hackers for the sake of practice,” the Centre wrote in the release. “Cyber criminals are not behind this either, as the method for collecting the ransom was so poorly designed that the ransom would probably not even cover the cost of the operation.”
It’s possible Russia sponsored the campaign, given its history of military and cyber attacks in Ukraine, though there’s no concrete evidence proving the Russian government’s involvement. What’s more, some major Russian firms were hit in the attack. However, the Ukrainian state security service is blaming Moscow, claiming yesterday that the same Russian hackers who took down the country’s power grid last year were behind the hacks.