Suspected involvement in destabilization efforts, including the devastating NotPetya attack that rocked healthcare, brought sanctions and killed partnerships this week.
Twice this week, Western governments have taken punitive action against Russian companies and individuals out of suspicion that they contributed to ongoing cyberwarfare operations, including the now-notorious NotPetya attack that caused massive headaches for healthcare last summer.
On June 11th, the United States Department of the Treasury slapped a fresh batch of economic sanctions on 3 individuals and 5 entities believed to have provided material or technological support to Russia’s Federal Security Service (FSB) in its cyberwarfare efforts.
The FSB was blamed for launching NotPetya as a fake ransomware attack directed against Ukrainian infrastructure. Despite apparent efforts to target its spread, the cyberweapon ended up infecting enormous international companies, causing service delays and wiping out billions in revenue. American healthcare entities like Merck and Nuance Communications, both of which have operations or partnerships in Ukraine, fell victim to the attack.
For that and other “destabilizing cyber activities”—including cyber intrusions against the US power grid—US citizens are now forbidden from doing business with firms Digital Security, ERPScan, Embedi, Kvant Scientific Research Institute, and Divetechnoservices. Three Divetechnoservices executives also made the list, and US-based assets belonging to the sanctioned parties are now blocked.
That news was followed a day later by the European Union’s decision to label software from Kaspersky, one of the world’s best-known cybersecurity firms, as “malicious” while urging member states not to adopt it. The company, which has continually denied claims that it has nefarious ties to the Russian government, had previously assisted the EU on its “No More Ransomware” campaign, and with efforts to recover from the WannaCry attack that crippled the United Kingdom’s National Health Service in May 2017.
In the wake of the European Parliament’s declaration, Kaspersky suspended activities with the EU and its participation in the campaign.
“We have protected the EU for 20 years working with law enforcement leading to multiple arrests of CYBERCRIMINALS,” founder Eugene Kaspersky tweeted yesterday, adding that, “The way we conducted public-private partnership is unfortunately ceased until the withdraw of the European Parliament decision.”
In December 2017, the US banned the use of Kaspersky’s anti-virus software on federal government machines. While recommending the move, the Department of Homeland Security wrote that Kaspersky’s anti-virus software could gain “broad access to files and elevated privileges on the computers on which the software is installed,” and that ties between “certain Kaspersky officials and Russian intelligence” were cause for concern. Russian law also allows the country’s intelligence agencies to compel compliance and assistance from private companies.
Speaking to Healthcare Analytics News™, cybersecurity experts described the NotPetya attack as intelligently designed and “elegant.” In addition to mechanisms meant to restrain its spread to Ukraine, it also acted differently when it encountered machines running Kaspersky’s software.
CrowdStrike analysis showed that “if the victim machine has avp.exe (associated with Kaspersky antivirus) process running, NotPetya will NOT encrypt the [main file table],” meaning that Kaspersky-protected machines would be recoverable while other systems were destroyed completely.
It remains unclear, according to some experts, why that was the case. In its own analysis of the attack, published a day after it first hit, Kaspersky told infected users “Don’t pay the ransom. It won’t help.”
The company was given the opportunity to respond to the US ban, and it has committed to making its software code open source to disprove allegations of involvement with Russian government activities. It claims to cover over 400 million users and 270,000 corporate clients around the globe.