U.S. Condemns Russia for Cyberattack, Showing Split in Stance on Putin - The New York Times

The United States joined Britain in blaming Russia for a huge cyberattack that targeted Ukraine. Credit... Mladen Antonov/Agence France-Presse — Getty Images

WASHINGTON — The United States on Thursday joined Britain in formally blaming Russia for a huge cyberattack last June that was aimed at Ukraine but crippled computers worldwide, a highly public naming-and-shaming exercise that could further fray relations with Moscow.

The White House threatened unspecified “international consequences” for the attack, which it said “was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict.”

The statement, issued by the press secretary, Sarah Huckabee Sanders, said the attack, known by the name NotPetya, was “reckless and indiscriminate” and spread rapidly, “causing billions of dollars in damage across Europe, Asia and the Americas.”

NotPetya, which had the characteristics of a ransomware attack, had been widely identified by cybersecurity experts as coming from Russia, so the attribution was no surprise. But the decision of the United States and Britain to nearly simultaneously condemn the Russian military is noteworthy.

It underscores the dichotomy between the administration’s consistently tough stance toward Russia on issues involving Ukraine and President Trump’s continued reluctance to criticize President Vladimir V. Putin over anything else.

In December, the White House approved the sale of lethal defensive weapons to the Ukrainian military for its battle against Russian-backed forces in eastern Ukraine. Yet Mr. Trump continues to soft-pedal allegations that Russia interfered in the 2016 presidential election, even after the nation’s intelligence agencies concluded that it did — an assessment that intelligence chiefs reiterated in Senate testimony this week.

Image NotPetya, which had the characteristics of a ransomware attack, had been widely identified by cybersecurity experts as coming from Russia.

Administration officials declined to say what steps the United States would take against Russia. But they could include both sanctions against Russian officials involved in the attack and covert measures — any of which would be likely to fray an already fragile relationship.

The administration’s public statement echoed one in mid-December when it publicly blamed North Korea for a damaging ransomware attack known as Wannacry. In that case, however, the United States did not follow up with stiff penalties, in part because North Korea was already under heavy sanctions for its nuclear and ballistic missile programs.

“President Trump has used just about every lever you can use, short of starving the people of North Korea, to change their behavior,” the homeland security adviser, Thomas P. Bossert, said at the time. “So we don’t have a lot of room left here to apply pressure.”

Punishing other nations for cyberattacks has proven exceedingly difficult, particularly when the players are as sophisticated as North Korea and Russia. The Russian government flatly denied the allegations that it carried out the attack.

“We think they have no basis and no foundation, and this is nothing else but the continuation of the Russo-phobic campaign,” the Kremlin’s spokesman, Dmitry Peskov, told reporters.

The administration had planned to issue the statement a day earlier to coincide with that of the British, according to a senior official, but delayed it after the deadly school shooting in Parkland, Fla.

The White House statement made no mention of an embarrassing related fact: The NotPetya attacks took advantage of vulnerabilities identified by the National Security Agency and then made public by a group calling itself the Shadow Brokers.

The Shadow Brokers, which some officials believe to be a front for Russian intelligence, obtained many of the N.S.A.’s most valuable hacking tools, either by breaking into the agency’s computer networks or with the help of an insider. The group has posted much of the stolen malware on the web; North Korea’s hackers probably used the tools in their attack.

In a ransomware attack, the victim’s files are encrypted, locking them out of their own computer systems, until they pay a ransom. Cybersecurity researchers estimate that criminals made more than $1 billion through these attacks last year, with victims ranging from the chief executives of major companies to small businesses and private individuals.

While the motive for many ransomware attacks is financial, Russia’s involvement suggests it was part of a broader strategy to destabilize Ukraine that dates back to Russia’s annexation of Crimea in 2014.

The NotPetya attack originated in Ukraine, according to security researchers, apparently timed to strike a day before a holiday marking the 1996 adoption of Ukraine’s first constitution. It eventually spread to 64 countries, including Poland, Germany, Italy, and Russia itself.

The administration’s action came as intelligence agencies warned that Russia was already meddling in the American midterm elections, using bots and other fake accounts on social media to spread disinformation.

“We expect Russia to continue using propaganda, social media, false-flag personas, sympathetic spokespeople and other means of influence to try to exacerbate social and political fissures in the United States,” Dan Coats, the director of national intelligence, told the Senate Intelligence Committee at its annual hearing on worldwide threats.

“There should be no doubt that Russia perceives its past efforts as successful and views the 2018 U.S. midterm elections as a potential target for Russian influence operations,” Mr. Coats added.