The ‘NotPetya’ malware attacks could spark an international cyber war, according to a Nato researcher. Tomáš Minárik, part of Nato’s Cooperative Cyber Defence Centre of Excellence, believes that ‘retaliation’ could be warranted if it is revealed that the malware outbreak was state sponsored. Minárik said that the malware could count as a ‘violation of State sovereignty’ and that this would open up the possibility of counterattacks. Minárik’s comments come after Nato concluded that the malware outbreak – which hit Ukraine hardest but also affected 60 other countries – is ‘most likely attributable to a State actor’.
Minárik said: “As important government systems have been targeted, then in case the operation is attributed to a state this could count as a violation of sovereignty. Consequently, this could be an internationally wrongful act, which might give the targeted states several options to respond with countermeasures.”
While Minárik warned that a cyber-attack could trigger an armed response, he said that countermeasures would more likely come in the form of retaliatory cyber attacks.
The assumption that NotPetya is State sponsored arose due to its disguised nature. Originally presumed to be ransomware similar to the WannaCry virus, it soon emerged that the virus is in fact malware designed to infiltrate and potentially wipe out government systems.
Unlike WannaCry, an earlier piece of ransomware also suspected of being the work of state-sponsored attackers (in that case, explicitly linked to North Korea by intelligence agencies including the NSA and GCHQ), NotPetya did not contain any functionality enabling it to spread unconstrained across the internet, limiting the vast majority of its damage to those organisations directly infected by the compromised accounting software.
Kaspersky Lab was the first company to reach this conclusion, dubbing the virus ‘NotPetya’. Vyacheslav Zakorzhevsky, head of the anti-malware team at Kaspersky Lab, said that the firm’s initial reports suggest that it is not a variant of the Petya ransomware at all. “Our preliminary findings suggest that it is not a variant of Petya ransomware as publicly reported, but a new ransomware that has not been seen before,” he said. “The company’s telemetrics data indicates around 2,000 attacked users so far. Organizations in Russia and the Ukraine are the most affected, and we have also registered hits in Poland, Italy, Germany and several other countries. The attack vector is not yet known.”
Meanwhile, the Ukrainian police force are now investigating the possibility that the attack is in fact a form of malware disguised as ransomware in order to infiltrate government systems in preparation for a future attack. The malicious code in the new virus encrypted data on computers and demanded victims pay a $300 ransom, similar to the extortion tactic used in the global WannaCry ransomware attack in May. However, a Ukrainian police spokesman said that the new attack is unlikely to be true ransomware. “Since the virus was modified to encrypt all data and make decryption impossible, the likelihood of it being done to install new malware is high,” the official said.