On the same day the U.K. cast the blame on Russia for NotPetya, the White House followed suit with Cybersecurity Coordinator Rob Joyce saying at a European conference Friday that Russia would be force to pay the costs of the June 2017 attacks which spread across 64 countries and cost those affected billions of dollars.
Noting that the U.S. was “going to work on the international stage to impose consequences” so that Russia would “understand that they have to behave responsibly on the international stage," CNBC cited Joyce as saying at the Munich Security Conference that “we're going to see levers the U.S. government can do to impose those costs."
On Thursday afternoon, White House Press Secretary Sarah Sanders said in a statement that the attack was “part of the Kremlin's ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia's involvement in the ongoing conflict,” promising that the “reckless and indiscriminate cyberattack that will be met with international consequences.”
It is now widely accepted that the attack most likely started when hackers allegedly compromised the update server of Ukrainian accounting software company MeDoc so it would dispense NotPetya to unsuspecting victims. Check Point Software Technologies has reported that in May the same company is suspected of being involved in the distribution of XData ransomware.
The White House's damning words came just hours after British Foreign Office Minister of Cybersecurity Lord Tariq Ahmad said the U.K. had fingered Russia as the culprit behind NotPetya, "The U.K. government judges that the Russian government, specifically the Russian military, was responsible for the destructive NotPetya cyberattack," Ahmad said.
It's not clear what kind of “consequences” Russia will face for instigating the attacks.