The European Council has launched, for the first time in history, sanctions against those who responsible for cyber attacks. As we can see in an official statement, they are directed accusations at six people and three entities for attacking the Organization for the Prohibition of Chemical Weapons, among others.
The attacks would have been made using malware such as WannaCry, NotPeya or Operation Cloud Hopper. Those responsible for these attacks have been imposed a travel ban and their bank accounts have been frozen, in addition to prohibiting any citizen or company of the European Union from contributing any amount of money.
WannaCry was the tool used in the 2017 attack on many government instutions and companies, for most of the time blocking their intranet and forced company employees to close their computers or make the data through the network unreachable. The classic ransomware that we all fear appeared on the screens of these computers : “We have encrypted your data and we will unlock it as soon as you pay us a few bitcoins.” For its part, NotPeya works by obtaining full access to a local computer network.
What happened in the past?
Already in 2017, the European Union worked in a community legal framework called the Cyber Diplomacy Toolbox with which to respond jointly to cyber attacks. This legal framework has been ratified “recently”, and now it is the first time that it has been used with the intention of discouraging attacks that go against the interests of the member states of the Union. In the statement, the Council takes the opportunity to ” reiterate the need to strengthen international cooperation to apply the rules in this area.”
Considering that malware is increasingly complex and that cyber attacks are increasingly relevant at the geopolitical level, it is not surprising that measures of this type are being taken at the institutional level. Time will tell if these sanctions are the first in a series of legal retaliations by the European Council.