The cybersecurity expert Brian Krebs: The malware has undergone a rebrand. Binary is virtually identical, and employs the same "MZ-as-alternative-entrypoint" trick.
All Five Eyes countries blamed Russia for the NotPetya cyber attack. The US statement
All Five Eyes countries – USA, UK, Canada, Australia and New Zealand – have officially blamed Russia for the NotPetya cyber attack. The White House Press Secretary wrote: “In June 2017, the Russian military launched the most destructive and costly cyber-attack in history. The attack, dubbed ‘NotPetya,’ quickly spread worldwide, causing billions of dollars in damage across Europe, Asia, and the Americas. It was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict. This was also a reckless and indiscriminate cyber-attack that will be met with international consequences”.
UK: We will not tolerate malicious cyber activity
In UK Foreign Office Minister condemns Russia for NotPetya cyber attacks. Lord Tariq Ahmad has attributed the NotPetya cyber-attack to the Russian Government. “The decision to publicly attribute this incident underlines the fact that the UK and its allies will not tolerate malicious cyber activity – MOFA reported -. The attack masqueraded as a criminal enterprise but its purpose was principally to disrupt. Primary targets were Ukrainian financial, energy and government sectors. Its indiscriminate design caused it to spread further, affecting other European and Russian business”.
Lord Ahmad: Russian military was responsible for the destructive NotPetya cyber attack
Foreign Office Minister for Cyber Security Lord Ahmad of Wimbledon said: “The UK Government judges that the Russian Government, specifically the Russian military, was responsible for the destructive NotPetya cyber attack of June 2017. The attack showed a continued disregard for Ukrainian sovereignty. Its reckless release disrupted organisations across Europe costing hundreds of millions of pounds. The Kremlin has positioned Russia in direct opposition to the West yet it doesn’t have to be that way. We call upon Russia to be the responsible member of the international community it claims to be rather then secretly trying to undermine it. The United Kingdom is identifying, pursuing and responding to malicious cyber activity regardless of where it originates, imposing costs on those who would seek to do us harm. We are committed to strengthening coordinated international efforts to uphold a free, open, peaceful and secure cyberspace”.
The CSE of Canada: Actors in Russia were responsible for developing NotPetya and for the cyber attack
In Canada the Communication Security Establishment (CSE) wrote: “A safe and secure cyber space is important for the stability of Canada and the safety and prosperity of all Canadians. Many of Canada’s allies and partners have made statements regarding the malware known as NotPetya. CSE also assesses that actors in Russia were responsible for developing NotPetya. Canada condemns the use of the NotPetya malware to indiscriminately attack critical financial, energy, government, and infrastructure sectors around the world in June 2017. As previously stated, the Government of Canada continues to strongly oppose the use of cyberspace for reckless and destructive criminal activities. We remain committed to working with our allies and partners to maintain the open, reliable and secure use of cyber space”.
CSE: We work with Shared Services Canada and our other partners to ensure Government of Canada networks are well defended against this type of attack
CSE “works diligently with Shared Services Canada and our other partners to ensure Government of Canada networks are well defended against this type of attack. We are pleased to say there is no indication that Government of Canada systems were negatively impacted or that any information – personal or otherwise – was compromised. CSE’s dynamic cyber defence security systems remain ready to defend Government of Canada systems and help protect against any future attacks. These systems allow CSE to work with our domestic and international partners to help keep Canada safe from malicious cyber activities, regardless of the threat actor. Cyber security remains a team effort. CSE always takes the opportunity to invite individual Canadians and organizations to read and follow our Top 10 IT Security Actions for important tips that will help protect against cyber threats like NotPetya”.
Australia: Russian state sponsored actors were responsible for the malware incident
The Australian government has joined United States and the United Kingdom “in condemning Russia’s use of the ‘NotPetya’ malware to attack critical infrastructure and businesses in June 2017. Based on advice from Australian intelligence agencies, and through consultation with the USA and UK, the Australian Government has judged that Russian state sponsored actors were responsible for the incident. Computers were infected by a sophisticated piece of malware – or malicious software – that masqueraded as ransomware. ‘NotPetya’ interrupted the normal operation of banking, power, airports and metro services in Ukraine. While the brunt of the impact was felt in Ukraine, the malware spread globally, affecting a number of major international businesses causing hundreds of millions of dollars in damage”.
The Canberra government condemns Russia’s behaviour, which posed grave risks to the global economy, government operations and services, business activity and the safety and welfare of individuals
The Australian Government “condemns Russia’s behaviour, which posed grave risks to the global economy, to government operations and services, to business activity and the safety and welfare of individuals. The Australian Government is further strengthening its international partnerships through an International Cyber Engagement Strategy to deter and respond to the malevolent use of cyberspace. The Government is committed to ensuring the Australian public sector, businesses and the community are prepared for evolving cyber threats”.
New Zealand: While NotPetya masqueraded as a criminal ransomware campaign, its real purpose was to damage and disrupt systems
New Zealand too joined international condemnation of NotPetya cyber attack. “The Director-General of the Government Communications Security Bureau (GCSB) Andrew Hampton has added New Zealand’s voice to international condemnation of the NotPetya cyber-attack. NotPetya caused wide spread damage and disruption to computer systems around the world in June 2017. Mr Hampton says the GCSB’s international partners have today attributed the NotPetya cyber-attack to the Russian Government. ‘While NotPetya masqueraded as a criminal ransomware campaign, its real purpose was to damage and disrupt systems – Mr Hampton said -. Its primary targets were Ukrainian financial, energy and government sectors. However, NotPetya’s indiscriminate design caused it to spread around the world affecting these sectors world-wide”.
Mr Hampton: While there were no reports of NotPetya having a direct impact in New Zealand, we’re not immune from this tyoe of cyber threat
“While there were no reports of NotPetya having a direct impact in New Zealand Mr Hampton argued – it caused disruption to some organisations while they updated systems to protect themselves from it. This reinforces that New Zealand is not immune from this type of threat. In a globally connected world our relative geographic isolation offers no protection from cyber threats. We support the actions of our cyber security partners in calling out this sort of reckless and malicious cyber activity.” “In the 12 months from June 2016 to June 2017 nearly a third (122) of the 396 serious incidents recorded by the GCSB’s National Cyber Security Centre involved indicators that have previously been linked to state-sponsored actors”.