It’s been nearly four days since a malware attack disabled computers in Ukraine, as well as elsewhere in Europe and parts of the United States, in an attack that could be the latest offensive in Russia’s ongoing conflict with Ukraine, and the administration of President Donald Trump has yet to weigh in.
“If indeed it turns out that this is more than just a simple criminal enterprise, but reflects a state-based effort to intimidate or bully another state, in this case Ukraine on its Constitution Day, that in and of itself is really noteworthy,” says Michael Sulmeyer, project director of the Belfer Center Cyber Security Project at the Harvard Kennedy School and a former cyber policy official in the Defense Department, “because now we’re talking about using cyber capabilities for the exercise of state power and international security.”
A spokesman for the National Security Council did not return an email asking about the administration’s response to the situation, and White House spokeswoman Sarah Huckabee Sanders did not respond to a request for comment.
This latest malware attack occurred late Monday night and into Tuesday morning, when it became evident that an electric power supplier in Kiev, Ukraine, had been hit with what was thought to be ransomware, illicit software that encrypts a victim computer’s files or drives until a ransom is paid. Major corporations in other countries also suffered a cyberattack, including shipping behemoth Maersk, international law firm DLA Piper, and a hospital system in Pittsburgh.
Researchers soon learned that the code making up the malware—whether by design or accident—prevented the locked files from being decrypted. They also learned that one of the key methods of infection was through updates to accounting software called MeDoc, which is widely used by companies based in and doing business in Ukraine, and by Ukrainians to pay their taxes.
Those factors, along with the fact that Russia has been consistently pounding the Ukraine with attacks—cyber and otherwise—led some researchers to believe that the attack was not just a run-of-the-mill ransomware episode, but rather a state-sponsored cyberattack. Bolstering that view is the fact that on the morning of the cyberattack, a Ukrainian military intelligence officer was murdered in a car bombing in Kiev. The attack also began just before the nation celebrated the anniversary of the ratification, in 1996, of its first constitution after independence from the Soviet Union.
“I think this was directed at us,” Roman Boyarchuk, the head of the Center for Cyber Protection in Ukraine’s State Service for Special Communications and Information Protection, told Wired magazine. “This is definitely not criminal. It is more likely state-sponsored.” As for the theory that Russia is behind the attacks, Boyarchuk told Wired that “it’s difficult to imagine anyone else would want to do this.”
It’s unclear whether Trump will address the episode or the broader issue of Russian cyber activity when he meets with Russian President Vladimir Putin at the G20 summit in Hamburg, Germany, at the end of next week. National Security Adviser H.R. McMaster told reporters Thursday that Trump has “no specific agenda” going into the summit, but that the president had tasked his staff with coming up with plans to confront “Russia’s destabilizing behavior,” including cyber threats or “political subversion” in the United States or Europe.
Sulmeyer points out that latest meeting of the United Nations Group of Governmental Experts, which was working to come to a set of international cyberspace norms, fell apart without an agreement last week. “You start to wonder, in a situation [like this], what should be the rules of the road,” he says. “And is there any prospects for the international community to ever agree on any?”