The UK government has attributed a massive ransomware attack from 2017 to the Russian military.
The NotPetya ransomware targeted companies in Ukraine, attacking its government, financial and energy institutions last June. It ended up causing collateral damage to global companies with offices in Ukraine, including Maersk, FedEx and Merck. The cyberattack ended up costing Maersk up to $300 million in lost revenue.
"The Kremlin has positioned Russia in direct opposition to the West, yet it doesn't have to be that way," said Tariq Ahmad, foreign office minister for cybersecurity. "We call upon Russia to be the responsible member of the international community it claims to be rather than secretly trying to undermine it."
Ahmad said Russia's "reckless" attack showed a "continued disregard for Ukrainian sovereignty" and cost organizations across Europe hundreds of millions of pounds.
The Ukraine government said it found evidence linking the attack to Russian hackers in July. UK officials also noted that the hackers used ransomware as a disguise for an attack clearly meant to destroy data and cause chaos.
"The malware was not designed to be decrypted. This meant that there was no means for victims to recover data once it had been encrypted. Therefore, it is more accurate to describe this attack as destructive than as ransomware," the UK's National Cyber Security Centre said in its statement.
This is only the second time the agency has attributed an attack to a nation-state. The first was when the NCSC attributed the WannaCry ransomware attack to North Korea.