According to Nato Law Expert , 'NotPetya' Ransomware Hacks May Lead to Military Response

If NotPetya is sponsored by a nation state it could be grounds for retaliation by Nato, say researchers.

While a cyber attack can trigger an armed response from Nato, Minárik cautioned that the damage caused by NotPetya in Ukraine and elsewhere was not sufficient for such an escalation.

The NotPetya pseudo-ransomware, which bricked the drives of machines belonging to firms and organizations all over the globe including Maersk, Merck, and the Ukrainian government last month "could count as a violation of sovereignty," says to a legal expert working for NATO's cybersecurity department.

If it was discovered that the NotPetya malware was orchestrated by a nation-state or government than it could open the opportunity for retaliation, according to Tomáš Minárik, a researcher at the organization's Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia. This could be mean counter-hacking, or other, less novel means of response, like sanctions. However, the researcher clarified that military response is out of the question.

Minárik, came out with his statement after the Cyber Defence Centre decided that the NotPetya malware, which nearly crippled Ukraine and also hit 60 other nations and organizations is probably controlled by a state government.

Even though a hacking campaign can technically lead to an armed response from NATO, Minárik said that the damages done by the NotPetya ransomware were not enough to result in such an extreme response. According to the law only a cyber-attack, which causes damage "with consequences comparable to an armed attack" can provoke an armed response.

However, Minárik said that "as important government systems have been targeted, then in case the operation is attributed to a state this could count as a violation of sovereignty. Consequently, this could be an internationally wrongful act, which might give the targeted states several options to respond with countermeasures."

A countermeasure is categorized as a nation state response that would normally be illegal but can be launched as a response to a purposefully wrongful act or attack by another nation. Counter-hacking is one possible reaction, which can be constituted as a countermeasure, but NATO rules say that such responses don't need to be necessarily digital in nature. However, they cannot affect the countries or use force.

The notion that the NotPetya malware may have been created by a state agency or a state-controlled actor arose at the end of June. It was dubbed "NotPetya" because it was modeled suspiciously much like the Petya ransomware, which hit the Internet shortly before.
Even though NotPetya appears to be ransomware, it's actually something else entirely. Normal ransomware holds their victims' data hostage and demand money for its release. NotPetya, however, does not. The installation key string, which created individual keys for each victim, appeared to be entirely random for one. Another thing is the payment system was connected to an email address outside the malware operators' control, and it was swiftly blocked by the webmail provider, stopping the victims from getting their decryption keys, if they ever intended to give them one in the first place.

NotPetya's true function is believed to have been that of a wiper, a malware created to basically render machines unusable and useless, which in turn causes financial damage. It propagated quickly inside the systems of businesses by using two exploits originally developed by the NSA and subsequently leaked by the Shadow Brokers, and by exploiting more common vulnerabilities in older Windows systems.

Unlike other ransomware, NotPetya did not have any features, which allowed it to run wild through the Internet, so the only victims were the ones directly hit by the malware.