US offers $10 million for Russian military hackers behind NotPetya attacks

Malware developed by six hackers from Russia’s foreign military intelligence agency (GRU) cost US companies over $1 billion in losses.

The US State Department announced it is offering a reward of $10 million for information leading to the capture of individuals behind the 2017 attacks, primarily directed at critical infrastructure.

According to the US authorities, GRU officers Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin deployed malware for the benefit of Russia.

All six individuals work in the GRU’s Unit 74455, known to cybersecurity researchers as Sandworm Team, Telebots, Voodoo Bear, and Iron Viking. The six individuals were accused of creating and propagating the NotPetya malware in charges filed by the Justice Department in 2020.

The GRU officers were accused of trying to destabilize or undermine Ukraine, Georgia, the French election, the 2018 Winter Olympics, and efforts to punish Russia for using a weapons-grade nerve agent on foreign soil.

The recent reward announcement claims that NotPetya attacks damaged the computers of hospitals and other medical facilities in the Heritage Valley Health System, a large US pharmaceutical manufacturer, and other US private sector entities.

“The malicious cyber activities collectively cost these US entities nearly $1 billion in losses,” reads the announcement.

The NotPetya mayhem

NotPetya is encrypting malware that primarily targets machines running Windows. The malware encrypts the hard drive and prevents the system from booting.

While researchers discovered the first iterations of the Petya malware family in 2016, the NotPetya malware appeared in a global attack in 2017. The attacks primarily targeted Ukraine, with 80% of all infected devices found in the country.

The malware spread via a Ukrainian tax accounting package, widely used by tax accountants in Ukraine and Ukrainian businesses operating abroad.

The attack devastated Ukrainian IT systems, shutting down the radiation monitoring system at the Chernobyl Nuclear Power Plant, several major banks, airports, the Ukrainian railway, and other critically important organizations.

While the intrusion masqueraded as a ransomware attack, the true motives behind it are believed to be political. The cyberattack was attributed to Russian state-sponsored hackers, and it came on the eve of the Ukrainian public holiday, Constitution Day.

While Ukraine experienced the brunt of the attack, many companies were affected worldwide. The total global damage of NotPetya is estimated to exceed $10 billion, making it one of the most destructive known cyberattacks.
