Nato warns cyber attacks 'could trigger Article 5' as world reels from Ukraine hack

A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank
A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank Credit: VALENTYN OGIRENKO/Reuters

A cyber attack against any member state would trigger c  - Nato's mutual defence clause -  the alliance has warned after a massive computer hack paralysed government ministries and dozens of businesses in Ukraine before spreading around the world. 

The latest global cyber attack is believed to have been designed to cause chaos rather than extort money. Ukrainian officials have pointed at Russia, which is fighting an undeclared war with Ukraine in the east of the country and has been blamed for previous cyber attacks on Kiev.

Jens Stoltenberg, the Nato secretary general, said alliance members agreed last year that a cyber attack could trigger Article 5 of the north Atlantic treaty in the same way as a conventional military assault and promised more help to Ukraine to bolster its own cyber defences.

Jens Stoltenberg said cyber attacks could trigger Nato's Article Five
Jens Stoltenberg said cyber attacks could trigger Nato's Article 5 Credit:  FRANCOIS LENOIR/Reuters

"The attack in May and this week just underlines the importance of strengthening our cyber defences and that is what we are doing,” Mr Stoltenberg said at a press conference in Brussels on Wednesday.

"We exercise more, we share best practices and technology, and we also work more and more closely with allies."

“Nato helps Ukraine with cyber defence and has established a trust fund to finance programs to help Ukraine improve its cyber defences,” he said. “We will continue to do this and it is an important part of our cooperation.”

Mr Stoltenberg said the alliance had also defined cyber defence as a Nato domain on a par with land, air, and sea operations, and would see similar planning and funding as a result.  

On Tuesday Michael Fallon, the British defence secretary, said the UK would consider retaliating with military means against a cyber attack by another state, reflecting rising concern about the militarization of cyber space the havoc such attacks can cause.

ATMs belonging to Ukraine's state owned Obshcha Bank were disabled by the attack
ATMs belonging to Ukraine's state owned Obshcha Bank were disabled by the attack Credit: STEPAN FRANKO/EPA

The promise came as businesses ranging from an Australian chocolate factory to India’s largest port counted the cost of the Petya ransomware epidemic, which broke out in Ukraine on Tuesday afternoon before spreading around the globe.

The virus, a form of ransomware dubbed “Petya” or "NotPetya" stops computers from being able to launch and demands a $300 (£234) payment in exchange for decrypting frozen files.

It remain unclear how the virus spread across companies. Kaspersky Lab, a Russian cyber security firm, said on Tuesday it had tracked the outbreak to a Ukrainian local government website that had been hacked and used to distribute the malware via a “drive-by-download “ to visitors’ computers.

“To our knowledge no specific exploits were used in order to infect victims. Instead, visitors were served with a malicious file that was disguised as a Windows update,” the company said in a statement.

Production was reportedly halted at Cadbury's Hobart factory following the attack
Production was reportedly halted at Cadbury's Hobart factory following the attack Credit: BARBARA WALTON/EPA

Other security experts said it could have entered companies' systems through a flaw in accounting software used in Ukraine. "It seems to track back to a piece of software that is mandated by the Ukrainian Government when you're doing business there to file taxes," said Professor Alan Woodward, cyber security expert at the University of Surrey.

Almost all government departments, the central bank, a state-run aircraft manufacturer,  the Chernobyl nuclear plant, and Kiev’s main airport and metro network were all temporarily paralysed as the virus spread on Tuesday afternoon.

The Ukrainian government said on Wednesday morning that attacks had stopped and that affected organizations were operating “as normal.”

Disruption continued elsewhere, however, with an official at Mumbai port saying on Wednesday that no containers could be loaded or unloaded at a terminal run by Maersk. An Australian official said a Cadbury’s chocolate factory in Tasmania halted production after computers were infected.

A computer hacked by a virus known as Petya in Yekaterinburg, Russia
A computer hacked by a virus known as Petya in Yekaterinburg, Russia Credit: Donat Sorokin/Tass

In Russia, the state-owned oil firm Rosneft said retail was temporarily disrupted at its service stations. 

Experts believe Tuesday’s attack used an exploit similar to last month’s WannaCry ransomware attack, which hit hundreds of thousands of users around the world including the NHS.

Unlike WannaCry, however, the latest attack seemed designed to sow chaos rather than extort money, despite the ransom message that appeared on victims’ screens.

“The money-gathering element was amateurish and not in line with what we expect from professional cyber criminals,” said Brian Lord, a former deputy director of intelligence at GCHQ and now managing director of security firm PGI Cyber.  

“That suggests the motivations are actually either a deliberate attempt or experimental attempt to create disruption, operational disruption, to larger government and corporate organizations.”

Mr Lord cautioned that there is currently not sufficient evidence to tie the hacks to a state-on-state attack.

The WannaCry ransom attack in May crippled hundreds of thousands of computers, including many belonging to the NHS
The WannaCry ransom attack in May crippled hundreds of thousands of computers, including many belonging to the NHS Credit:  RITCHIE B. TONGO/EPA

Some Ukrainian commentators have blamed the attack on Russia, and said it may have been coordinated with the assassination of a senior Ukrainian intelligence officer.

Maksim Shapoval, a colonel in Ukrainian military intelligence, was killed when a bomb exploded under his Mercedes in Kiev early on Wednesday morning.  Col Shapoval had recently returned from eastern Ukraine, where Ukrainian troops are fighting Russian-backed separatist forces. 

Anton Gerashchenko, an aide to the Interior Ministry, described the attacks as "part of the overall strategy of the hybrid war of the Russian Empire against Ukraine" and said the demands for ransom payments were merely cover for an attempt to destabilize the country.

Another intelligence officer, Col Yuri Vozny, was killed in an apparent car bombing in east Ukraine on Wednesday, local media said.

The Russian government on Wednesday called for international action to tackle cyber crime.

License this content