A day after the White House officially blamed Russia for the NotPetya cyberattack that roiled networks across 64 countries in 2017, the administration’s cybersecurity czar on Friday announced that the U.S. will pursue countermeasures. Rob Joyce, White House cybersecurity coordinator and special assistant to the president, told CNBC, “We’re going to work on the international stage to impose consequences. Russia has to understand that they have to behave responsibly on the international stage. So we’re going to see levers the U.S. government can use to impose those costs.”
White House Press Secretary Sarah Huckabee Sanders had also hinted at retaliation in a statement on Thursday, which was uncharacteristically forceful given the administration’s usual sheepishness in calling out the Kremlin. Like Joyce, she promises there will “consequences,” though it’s unclear what exactly that will entail:
“In June 2017, the Russian military launched the most destructive and costly cyber-attack in history. The attack, dubbed “NotPetya,” quickly spread worldwide, causing billions of dollars in damage across Europe, Asia, and the Americas. It was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict. This was also a reckless and indiscriminate cyber-attack that will be met with international consequences.”
NotPetya was a form of ransomware launched in June 2017 that initially appeared to be designed to pillage its targets for financial gain, but turned out to have the blunter goal of effectively destroying data. Experts believe the virus was intended to destabilize Ukraine, as the cyberattack hit the country the hardest. Ukrainian banks, government agencies, and transportation infrastructure were among the entities affected.
It even hit the radiation monitors at Chernobyl.
However, the virus quickly spread to multinational corporations like FedEx and Merck, costing them hundreds of millions of dollars apiece. Tens of thousands of computers across multiple continents were permanently encrypted as the malware barreled through networks with the help of leaked National Security Agency hacking methods.
Both the U.S. and U.K. governments have now for the first time explicitly condemned Russia for the attack this week, though the Kremlin had been pretty much everyone’s primary suspect for a while. The Ukrainian government fingered the Russian military almost immediately, and the Washington Post obtained classified CIA documents last month indicating the agency had “high confidence” Russia was to blame. Russia, for its part, has denied responsibility for the attack. Dmitry Peskov, a spokesman for the Kremlin, told the BBC, “It’s not more than a continuation of the Russophobic campaign.”