In retaliation for past cyberattacks against member countries, the European Council of the EU has ruled to sanction three companies and six individuals over historical cyberattacks. This is the first time the EU has taken such a move, although the United States has already imposed sanctions on some of the named people for the same reasons and urged other democratic countries to do the same.
In a statement, the European Council said:
“Sanctions are one of the options available in the EU’s cyber diplomacy toolbox to prevent, deter and respond to malicious cyber activities directed against the EU or its member states, and today is the first time the EU has used this tool.”
The sanctions relate to various cybersecurity incidents. North Korea is accused of deploying the WannaCry ransomware cryptoworm to raise revenue for its government before losing control of it, resulting in a wave of attacks around the world in 2017. Russia, meanwhile, is charged with allowing its military to release the NotPetya strain of ransomware in Ukraine, which subsequently spread around the globe. It is also charged with try to compromise the network of the Organisation for the Prohibition of Chemical Weapons (OPCW) at a time when the government in the Netherlands was investigating flight MH17 of Malaysia Airlines, which investigators concluded was hit by a Russian missile over Ukraine. China, meanwhile, is accused of making a series of attacks against cloud providers.
Of the individuals sanctioned, four are alleged Russian GRU agents responsible for the OPCW Wi-Fi cyberattack. The remaining two are said to be members of the Chinese APT 10 threat group that was responsible for the attacks against cloud providers. The three sanctioned companies are divided equally between Russia, China, and North Korea.
The people and organisations named in the sanctions will now have any assets in the EU frozen, and they will no longer be able to travel to EU member countries. Furthermore, it will now be forbidden for entities and people within the EU to provide them with money.
Dominic Raab, the UK Foreign Secretary, backed the move, saying:
“Today's actions will raise the cost on malicious cyber activity by state and non-state actors and will help counter future hostile activity in cyberspace. The UK was at the forefront of efforts to establish the EU Cyber Sanctions regime and we will continue to implement this regime after the end of the Transition Period.”
The sanctions will hopefully exert a dissuasive effect on state-sponsored hackers, who may have previously felt untouchable due to the patronage from their governments. Cybercriminals come in many varieties, however, so the threat of cybercrime will persist for some time to come. At Pro-Networks, we help organisations to secure themselves against the various forms of cyberattack with our managed IT support services, developing tailored approaches based on an optimal combination of technology, standards compliance, and cybersecurity training.