PanARMENIAN.Net

July 3, 2017 - 13:43 AMT

NATO says 'state actor' was behind the massive ransomware attack

A "state actor" was behind the cyberattack that hit over 12,000 devices in around 65 countries on Tuesday, June 27 hitting major industries from advertising to oil, according to NATO, CNBC reports.

The "Petya" ransomware attack encrypted files on a computer and demanded $300 worth of the cryptocurrency bitcoin in order to unlock them. Kaspersky Lab estimates at least 2,000 targets were affected, mostly in Russia and the Ukraine, but attacks were registered in several other countries, including Germany, the U.K. and China.

Researching the attack, NATO says it was likely launched by a state actor, or by a non-state actor with support and approval from a state, as the operation was very complex and expensive.

"The operation was not too complex, but still complex and expensive enough to have been prepared and executed by unaffiliated hackers for the sake of practice. Cyber criminals are not behind this either, as the method for collecting the ransom was so poorly designed that the ransom would probably not even cover the cost of the operation," NATO's Cooperative Cyber Defense Centre of Excellence (CCD COE), said in a press release on Friday.

The implications of this mean that the cyberattack could be interpreted as an act of war, according to the organization. On Wednesday, NATO secretary general Jens Stoltenberg said a cyber attack could trigger Article 5, the principal of collective defense.

"As important government systems have been targeted, then in case the operation is attributed to a state this could count as a violation of sovereignty. Consequently, this could be an internationally wrongful act, which might give the targeted states several options to respond with countermeasures," Tomáš Minárik, researcher at NATO's CCD COE law branch, in the press release.

NATO investigators added that the cyberattack was a "declaration of power" and a demonstration of the culprit's ability to cause disruption.

More than 30 percent of affected firms were financials, according to analysis by Kaspersky Lab, while at least half of those targeted were industrial organizations, such as utilities, oil and gas, transportation, logistics, manufacturing and other companies.