US slaps new sanctions on Russia over NotPetya cyberattack, election meddling

The FBI also warned of Russian government actors targeting the energy grid and other critical infrastructure.

putin.jpg

(Image: File photo)

The White House has introduced a new round of sanctions on Russia, accusing the government of launching "the most destructive and costly cyberattack in history."

In a statement, the US Treasury said it has targeted 19 individuals and five entities for their parts in conducting "destabilizing activities," including interfering with the US elections in 2016 to their involvement with launching the NotPetya attack last year.

NotPetya was the second global ransomware attack last year, which the Trump administration attributed to the Russian military in February. The attack resulted in billions of dollars worth of damage across Ukraine, Russia, Denmark, the UK, and the US.

Shipping giant Maersk was one of the hardest hit, reporting as much as $300 million in losses due to "serious business interruption," after its systems and servers were infected by the ransomware. The company was forced to reinstall more than 4,000 servers and 45,000 computers in the aftermath.

Read more: A massive cyberattack is hitting organizations around the world | 'Russian military behind NotPetya attacks': UK officially names and shames Kremlin | Petya ransomware: Cyberattack costs could hit $300m for shipping giant Maersk | Everything you need to know: Ransomware: An executive guide to one of the biggest menaces on the web

Only a month earlier, the WannaCry epidemic -- which used leaked exploits developed by the US National Security Agency -- infected hundreds of thousands of computers around the world.

"These targeted sanctions are a part of a broader effort to address the ongoing nefarious attacks emanating from Russia," said Treasury secretary Steven Mnuchin.

In a separate alert, Homeland Security (DHS) and the FBI warned of Russian government-backed cyberattacks targeting the energy grid and other critical national infrastructure.

"DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities' networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks," said the alert. "After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to industrial control systems."

Those industrial control systems, which include devices, systems, networks, and sensors, are used to monitor and manage critical infrastructure, like power plants, water supplies, and transportation hubs.

To date, the Treasury has sanctioned more than 100 individuals and entities connected with Russia as part of the US government's efforts to counter Russia's "malign cyber activity."

Among those are 13 individuals connected to the notorious Russian troll farm, known as the Internet Research Agency (IRA), which the US government has accused of using Silicon Valley sites and services to interfere with the 2016 elections.

Read more: Google: Russian groups did use our ads and YouTube to influence 2016 elections | How a digital Cold War with Russia threatens the IT industry | Four things we learned when Facebook, Google, Twitter testified in Russia inquiry | Twitter says 50,000 Russia-linked accounts tweeted during 2016 US presidential election

Russian-linked bots used Twitter to coordinate the spread and promotion of "fake news" and extremist content to influence the outcome of the election. Facebook and Google faced criticism from lawmakers for allowing trolls to buy ads and spread misinformation to millions of voters.

It later transpired that the IRA manipulated groups to protest and hold political rallies -- in some cases pitching rival political groups against each other.

The Treasury said it intends to impose additional sanctions to hold Russian government officials and oligarchs "accountable for their destabilizing activities" by cutting access to their US assets.

Got a tip?

You can send tips securely over Signal and WhatsApp at 646-755–8849. You can also send PGP email with the fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Read More