The devastating NotPetya cyberattack that cost billions of dollars worldwide and delayed condom production for several weeks was carried out by the Kremlin, the U.K claimed Wednesday.
In making the remarkable accusation, the British government said Russia was “ripping up the rule book” and “undermining democracy” through powerful cyberweapons.
“We have entered a new era of warfare, witnessing a destructive and deadly mix of conventional military might and malicious cyberattacks,” Defence Secretary Gavin Williamson said in a statement.
“Russia is ripping up the rulebook by undermining democracy, wrecking livelihoods by targeting critical infrastructure and weaponizing information. We must be primed and ready to tackle these stark and intensifying threats.”
For a government to make such an accusation is rare due to the difficulty of attributing cyber attacks.
Though the Washington Post reported last month that a classified CIA report concluded with “high confidence” that Russia was behind the attack, the U.S. government has refrained from publicly pointing the finger at Moscow.
Security experts had long believed Russia was the perpetrator, however Moscow denied any involvement in the development or dissemination of NotPetya Thursday.
“We categorically reject such accusations,” Kremlin spokesman Dmitry Peskov told journalists. “We consider them unsubstantiated and groundless. This is nothing but a continuation of a Russophobic campaign that is not based on any evidence.”
Denmark, home to Maersk, one of the victims, backed the U.K.’s position. Defense Minister Claus Hjort Frederiksen said the attack “points directly back to the Russian state and the Russian military.”
Originally designed to target Ukrainian companies in the financial, energy and government sectors, the malware quickly spread, affecting organizations and businesses around the world. It also hit critical infrastructure, including computers controlling the ports of Amsterdam and Mumbai, as well as radiation monitors in Chernobyl.
One of the most high profile victims was shipping giant Maersk, which was forced to rebuild 4,000 servers, 45,000 PCs, and 2,500 applications in order to get the business operational again. The company said the attacks costs $300 million.
FedEx claimed the infection cost them $300 million, while Reckitt Benckiser, the makers of Durex and Nurofen, said its bill was $140 million. In total the estimated cost of NotPetya globally is $1.2 billion.
The malware incapacitated around 10 percent of all computers in Ukraine, a country of 42 million people.
Cover image: Fibre-optic cables feed into a server inside a comms room at an office in London, U.K., on Friday, Oct. 16, 2015. (Chris Ratcliffe/Bloomberg via Getty Images)