Get Our Extension
Select Wikiz in another Language
EspañolFrançais
Settings
A
A
Text Highlights
Notes/Citations
Edit on Wikipedia

Share This Article

About Wikiz About Us Cookies Policy Terms & Services Privacy Policy Contact Contact us Enjoying Wikipedia Content? DONATE TO WIKIPEDIA
Enjoying Wikipedia Content? DONATE TO WIKIPEDIA

2017 Ukraine ransomware attacks

From Wikipedia, in a visual modern way
2017 Ukraine ransomware attacks
PetyaA.jpg
Petya's ransom note displayed on a compromised system
Date27–28 June 2017 (2017-06-27 – 2017-06-28)
Location Ukraine[1]
Other locations
TypeCyberattack
CauseMalware, ransomware, cyberterrorism
OutcomeAffected several Ukrainian ministries, banks, metro systems and state-owned enterprises
Suspects Russia (according to statements of Ukrainian authorities, American Michael N. Schmitt and the CIA.)[5][6][7][8][9]

A series of powerful cyberattacks using the Petya malware began on 27 June 2017 that swamped websites of Ukrainian organizations, including banks, ministries, newspapers and electricity firms.[10] Similar infections were reported in France, Germany, Italy, Poland, Russia, United Kingdom, the United States and Australia.[3][11][12] ESET estimated on 28 June 2017 that 80% of all infections were in Ukraine, with Germany second hardest hit with about 9%.[2] On 28 June 2017, the Ukrainian government stated that the attack was halted.[13] On 30 June 2017, the Associated Press reported experts agreed that Petya was masquerading as ransomware, while it was actually designed to cause maximum damage, with Ukraine being the main target.[14]

Discover more about 2017 Ukraine ransomware attacks related topics

Cyberattack

Cyberattack

A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organisations and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyber weapon. Cyber attacks have increased with an alarming rate for the last few years. A well-known example of a cyberattack is a distributed denial of service attack (DDoS).

Ukraine

Ukraine

Ukraine is a country in Eastern Europe. It is the second-largest European country after Russia, which it borders to the east and northeast. Ukraine covers approximately 600,000 square kilometres (230,000 sq mi). Prior to the ongoing Russian invasion, it was the eighth-most populous country in Europe, with a population of around 41 million people. On 1 January 2023, the United Nations estimated the Ukrainian population to be 34.1 million, with record low birth rates. It is also bordered by Belarus to the north; by Poland, Slovakia, and Hungary to the west; and by Romania and Moldova to the southwest; with a coastline along the Black Sea and the Sea of Azov to the south and southeast. Kyiv is the nation's capital and largest city. Ukraine's state language is Ukrainian; Russian is also widely spoken, especially in the east and south.

France

France

France, officially the French Republic, is a country located primarily in Western Europe. It also includes overseas regions and territories in the Americas and the Atlantic, Pacific and Indian Oceans, giving it one of the largest discontiguous exclusive economic zones in the world. Its metropolitan area extends from the Rhine to the Atlantic Ocean and from the Mediterranean Sea to the English Channel and the North Sea; overseas territories include French Guiana in South America, Saint Pierre and Miquelon in the North Atlantic, the French West Indies, and many islands in Oceania and the Indian Ocean. Its eighteen integral regions span a combined area of 643,801 km2 (248,573 sq mi) and had a total population of over 68 million as of January 2023. France is a unitary semi-presidential republic with its capital in Paris, the country's largest city and main cultural and commercial centre; other major urban areas include Marseille, Lyon, Toulouse, Lille, Bordeaux, and Nice.

Germany

Germany

Germany, officially the Federal Republic of Germany, is a country in Central Europe. It is the second-most populous country in Europe after Russia, and the most populous member state of the European Union. Germany is situated between the Baltic and North seas to the north, and the Alps to the south; it covers an area of 357,022 square kilometres (137,847 sq mi), with a population of over 84 million within its 16 constituent states. Germany borders Denmark to the north, Poland and the Czech Republic to the east, Austria and Switzerland to the south, and France, Luxembourg, Belgium, and the Netherlands to the west. The nation's capital and most populous city is Berlin and its main financial centre is Frankfurt; the largest urban area is the Ruhr.

Italy

Italy

Italy, officially the Italian Republic or the Republic of Italy, is a country in Southern and Western Europe. Located in the middle of the Mediterranean Sea, it consists of a peninsula delimited by the Alps and surrounded by several islands; its territory largely coincides with the homonymous geographical region. Italy shares land borders with France, Switzerland, Austria, Slovenia and the enclaved microstates of Vatican City and San Marino. It has a territorial exclave in Switzerland, Campione. Italy covers an area of 301,230 km2 (116,310 sq mi), with a population of about 60 million. It is the third-most populous member state of the European Union, the sixth-most populous country in Europe, and the tenth-largest country in the continent by land area. Italy's capital and largest city is Rome.

Poland

Poland

Poland, officially the Republic of Poland, is a country in Central Europe. It is divided into 16 administrative provinces called voivodeships, covering an area of 312,696 km2 (120,733 sq mi). Poland has a population of 38 million and is the fifth-most populous member state of the European Union. Warsaw is the nation's capital and largest metropolis. Other major cities include Kraków, Wrocław, Łódź, Poznań, Gdańsk, and Szczecin.

Russia

Russia

Russia, or the Russian Federation, is a transcontinental country spanning Eastern Europe and Northern Asia. It is the largest country in the world, with its internationally recognised territory covering 17,098,246 square kilometres (6,601,670 sq mi), and encompassing one-eighth of Earth's inhabitable landmass. Russia extends across eleven time zones and shares land boundaries with fourteen countries. It is the world's ninth-most populous country and Europe's most populous country, with a population of over 147 million people. The country's capital and largest city is Moscow. Saint Petersburg is Russia's cultural centre and second-largest city. Other major urban areas include Novosibirsk, Yekaterinburg, Nizhny Novgorod, and Kazan.

United Kingdom

United Kingdom

The United Kingdom of Great Britain and Northern Ireland, commonly known as the United Kingdom (UK) or Britain, is a country in Europe, off the north-western coast of the continental mainland. It comprises England, Scotland, Wales and Northern Ireland. The United Kingdom includes the island of Great Britain, the north-eastern part of the island of Ireland, and many smaller islands within the British Isles. Northern Ireland shares a land border with the Republic of Ireland; otherwise, the United Kingdom is surrounded by the Atlantic Ocean, the North Sea, the English Channel, the Celtic Sea and the Irish Sea. The total area of the United Kingdom is 242,495 square kilometres (93,628 sq mi), with an estimated 2023 population of over 68 million people.

Australia

Australia

Australia, officially the Commonwealth of Australia, is a sovereign country comprising the mainland of the Australian continent, the island of Tasmania, and numerous smaller islands. With an area of 7,617,930 square kilometres (2,941,300 sq mi), Australia is the largest country by area in Oceania and the world's sixth-largest country. Australia is the oldest, flattest, and driest inhabited continent, with the least fertile soils. It is a megadiverse country, and its size gives it a wide variety of landscapes and climates, with deserts in the centre, tropical rainforests in the north-east, and mountain ranges in the south-east.

ESET

ESET

ESET, s.r.o., is a Slovak software company specializing in cybersecurity. ESET's security products are made in Europe and provide security software in over 200 countries and territories worldwide, and its software is localized into more than 30 languages.

Associated Press

Associated Press

The Associated Press (AP) is an American not-for-profit news agency headquartered in New York City. Founded in 1846, it operates as a cooperative, unincorporated association, and produces news reports that are distributed to its members, U.S. newspapers and broadcasters. Since the award was established in 1917, the AP has earned 56 Pulitzer Prizes, including 34 for photography. It is also known for publishing the widely used AP Stylebook.

Ransomware

Ransomware

Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or permanently block access to it unless a ransom is paid off. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

Approach

Security experts believe the attack originated from an update of a Ukrainian tax accounting package called MeDoc (M.E.Doc [uk]), developed by Intellect Service.[2] MeDoc was widely used among tax accountants in Ukraine,[15] and the software was the main option for accounting for other Ukrainian businesses, according to Mikko Hyppönen, a security expert at F-Secure.[2] MeDoc had about 400,000 customers across Ukraine, representing about 90% of the country's domestic firms,[8] and prior to the attack was installed on an estimated 1 million computers in Ukraine.[16]

MeDoc provides periodic updates to its program through an update server. On the day of the attack, 27 June 2017, an update for MeDoc was pushed out by the update server, following which the ransomware attack began to appear. British malware expert Marcus Hutchins claimed "It looks like the software's automatic update system was compromised and used to download and run malware rather than updates for the software."[2] The company that produces MeDoc claimed they had no intentional involvement in the ransomware attack, as their computer offices were also affected, and they are cooperating with law enforcement to track down the origin.[15][17] A similar attack via MeDoc software was carried out on 18 May 2017 with the ransomware XData. Hundreds of accounting departments were affected in Ukraine.[18]

The cyberattack was based on a modified version of the Petya ransomware. Like the WannaCry ransomware attack in May 2017, Petya uses the EternalBlue exploit previously discovered in older versions of the Microsoft Windows operating system. When Petya is executed, it encrypts the Master File Table of the hard drive and forces the computer to restart. It then displays a message to the user, telling them their files are now encrypted and to send US$300 in bitcoin to one of three wallets to receive instructions to decrypt their computer. At the same time, the software exploits the Server Message Block protocol in Windows to infect local computers on the same network and any remote computers it can find. Additionally, the NotPetya software was found to use a variant of Mimikatz, a proof-of-concept exploit found in 2011 that demonstrated that user passwords had been retained in computer memory within Windows, exploiting these passwords to help spread across networks.[19]

The EternalBlue exploit had been previously identified, and Microsoft issued patches in March 2017 to shut down the exploit for Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016. However, the WannaCry attack progressed through many computer systems that still used older Windows operating systems or older versions of the newer ones, which still had the exploit, or that users had not taken the steps to download the patches. Microsoft issued new patches for Windows XP, Windows Server 2003 and Windows 8 the day after the WannaCry attack. Security expert Lesley Carhart stated that "Every method of exploitation that the attack used to spread was preventable by well-documented means."[20]

Security experts found that the version of Petya used in the Ukraine cyberattacks had been modified, and consequently was renamed NotPetya or Nyetna to distinguish it from the original malware. NotPetya encrypted all of the files on the infected computers, not just the Master File Table, and in some cases the computer's files were completely wiped or rewritten in a manner that could not be undone through decryption.[21][22] Some security experts saw that the software could intercept passwords and perform administrator-level actions that could further ruin computer files. They also noted that the software could identify specific computer systems and bypass infection of those systems, suggesting the attack was more surgical in its goal.[20] Unlike the WannaCry software, a "kill switch" was never found in NotPetya, which could have been used to immediately stop its spread.[23] According to Nicholas Weaver of the University of California the hackers had previously compromised MeDoc "made it into a remote-control Trojan, and then they were willing to burn this asset to launch this attack."[8]

Discover more about Approach related topics

Mikko Hyppönen

Mikko Hyppönen

Mikko Hermanni Hyppönen is a Finnish computer security expert, speaker and author. He is known for the Hyppönen Law about IoT security, which states that whenever an appliance is described as being "smart", it is vulnerable. He works as the Chief Research Officer at WithSecure and as the Principal Research Advisor at F-Secure.

F-Secure

F-Secure

F-Secure Corporation is a global cyber security and privacy company, which has its headquarters in Helsinki, Finland.

Marcus Hutchins

Marcus Hutchins

Marcus Hutchins, also known online as MalwareTech, is a British computer security researcher known for stopping the WannaCry ransomware attack. He is employed by cybersecurity firm Kryptos Logic. Hutchins is from Ilfracombe in Devon.

Ransomware

Ransomware

Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or permanently block access to it unless a ransom is paid off. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

WannaCry ransomware attack

WannaCry ransomware attack

The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It propagated by using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack. While Microsoft had released patches previously to close the exploit, much of WannaCry's spread was from organizations that had not applied these, or were using older Windows systems that were past their end-of-life. These patches were imperative to organizations' cyber security but many were not implemented due to ignorance of their importance. Some have claimed a need for 24/7 operation, aversion to risking having formerly working applications breaking because of patch changes, lack of personnel or time to install them, or other reasons.

EternalBlue

EternalBlue

EternalBlue is a computer exploit developed by the U.S. National Security Agency (NSA). It was leaked by the Shadow Brokers hacker group on April 14, 2017, one month after Microsoft released patches for the vulnerability.

Microsoft Windows

Microsoft Windows

Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for servers, and Windows IoT for embedded systems. Defunct Windows families include Windows 9x, Windows Mobile, and Windows Phone.

Bitcoin

Bitcoin

Bitcoin is a protocol which implements a highly available, public, permanent, and decentralized ledger. In order to add to the ledger, a user must prove they control an entry in the ledger. The protocol specifies that the entry indicates an amount of a token, bitcoin with a minuscule b. The user can update the ledger, assigning some of their bitcoin to another entry in the ledger. Because the token has characteristics of money, it can be thought of as a digital currency.

Server Message Block

Server Message Block

Server Message Block (SMB) is a communication protocol originally developed in 1983 by Barry A. Feigenbaum at IBM and intended to provide shared access to files and printers across nodes on a network of systems running IBM's OS/2. It also provides an authenticated inter-process communication (IPC) mechanism. In 1987, Microsoft and 3Com implemented SMB in LAN Manager for OS/2, at which time SMB used the NetBIOS service atop the NetBIOS Frames protocol as its underlying transport. Later, Microsoft implemented SMB in Windows NT 3.1 and has been updating it ever since, adapting it to work with newer underlying transports: TCP/IP and NetBT. SMB implementation consists of two vaguely named Windows services: "Server" and "Workstation". It uses NTLM or Kerberos protocols for user authentication.

Mimikatz

Mimikatz

Mimikatz is both an exploit on Microsoft Windows that extracts passwords stored in memory and software that performs that exploit. It was created by French programmer Benjamin Delpy and is French slang for "cute cats".

Windows 7

Windows 7

Windows 7 is a major release of the Windows NT operating system developed by Microsoft. It was released to manufacturing on July 22, 2009, and became generally available on October 22, 2009. It is the successor to Windows Vista, released nearly three years earlier. It remained an operating system for use on personal computers, including home and business desktops, laptops, tablet PCs and media center PCs, and itself was replaced in November 2012 by Windows 8, the name spanning more than three years of the product.

Windows 10

Windows 10

Windows 10 is a major release of Microsoft's Windows NT operating system. It is the direct successor to Windows 8.1, which was released nearly two years earlier. It was released to manufacturing on July 15, 2015, and later to retail on July 29, 2015. Windows 10 was made available for download via MSDN and TechNet, as a free upgrade for retail copies of Windows 8 and Windows 8.1 users via the Windows Store, and to Windows 7 users via Windows Update. Windows 10 receives new builds on an ongoing basis, which are available at no additional cost to users, in addition to additional test builds of Windows 10, which are available to Windows Insiders. Devices in enterprise environments can receive these updates at a slower pace, or use long-term support milestones that only receive critical updates, such as security patches, over their ten-year lifespan of extended support. In June 2021, Microsoft announced that support for Windows 10 editions which are not in the Long-Term Servicing Channel (LTSC) will end on October 14, 2025.

Attack

Further information: Petya (malware)

During the attack the radiation monitoring system at Ukraine's Chernobyl Nuclear Power Plant went offline.[24] Several Ukrainian ministries, banks, metro systems and state-owned enterprises (Boryspil International Airport, Ukrtelecom, Ukrposhta, State Savings Bank of Ukraine, Ukrainian Railways) were affected.[25] In the infected computers, important computer files were overwritten and thus permanently damaged, despite the malware's displayed message to the user indicating that all files could be recovered "safely and easily" by meeting the attackers' demands and making the requested payment in Bitcoin currency.[26]

The attack has been seen to be more likely aimed at crippling the Ukrainian state rather than for monetary reasons.[15] The attack came on the eve of the Ukrainian public holiday, Constitution Day (celebrating the anniversary of the approval by the Verkhovna Rada (Ukraine's parliament) of the Constitution of Ukraine on 28 June 1996).[27][28][29] Most government offices would be empty, allowing the cyberattack to spread without interference.[15] In addition, some security experts saw the ransomware engage in wiping the affected hard drives rather than encrypting them, which would be a further disaster for companies affected by this.[15]

A short time before the cyberattack began, it was reported that a senior intelligence officer and head of a special forces detachment unit of the Ukrainian Chief Directorate of Intelligence, colonel Maksym Shapoval, was assassinated in Kyiv by a car bomb.[30] Former government adviser in Georgia and Moldova Molly K. McKew believed this assassination was related to the cyberattack.[31]

On 28 June 2017 the Ukrainian government stated that the attack was halted, "The situation is under complete control of the cyber security specialists, they are now working to restore the lost data."[13]

Following the initial 27 June attack, security experts found that the code that had infected the M.E.Doc update had a backdoor that could potentially be used to launch another cyberattack. On seeing signs of another cyberattack, the Ukrainian police raided the offices of MeDoc on 4 July 2017 and seized their servers. MeDoc's CEO stated that they were not aware there had been a backdoor installed on their servers, again refuted their involvement in the attack, and were working to help authorities identify the source.[16][32] Security company ESET found that the backdoor had been installed on MeDoc's updater service as early as 15 May 2017, while experts from Cisco Systems' Talos group found evidence of the backdoor as early as April 2017; either situation points to the cyberattack as a "thoroughly well-planned and well-executed operation".[33] Ukrainian officials have stated that Intellect Service will "face criminal responsibility", as they were previously warned about lax security on their servers by anti-virus firms prior to these events but did not take steps to prevent it.[34] Talos warned that due to the large size of the MeDoc update that contained the NotPetya malware (1.5 gigabytes), there may have been other backdoors that they have yet to find, and another attack could be possible.[33]

Discover more about Attack related topics

Chernobyl Nuclear Power Plant

Chernobyl Nuclear Power Plant

The Chernobyl Nuclear Power Plant is a nuclear power plant undergoing decommissioning. ChNPP is located near the abandoned city of Pripyat in northern Ukraine 16.5 kilometers (10 mi) northwest of the city of Chernobyl, 16 kilometers (10 mi) from the Belarus–Ukraine border, and about 100 kilometers (62 mi) north of Kyiv. The plant was cooled by an engineered pond, fed by the Pripyat River about 5 kilometers (3 mi) northwest from its juncture with the Dnieper.

Boryspil International Airport

Boryspil International Airport

Boryspil International Airport is an international airport in Boryspil, 29 km (18 mi) east of Kyiv, the capital of Ukraine. It is Ukraine's largest airport, serving 65% of its passenger air traffic, including all its intercontinental flights and a majority of international flights. It is one of two passenger airports that serve Kyiv along with the smaller Zhuliany Airport. Boryspil International Airport was a member of Airports Council International.

Bitcoin

Bitcoin

Bitcoin is a protocol which implements a highly available, public, permanent, and decentralized ledger. In order to add to the ledger, a user must prove they control an entry in the ledger. The protocol specifies that the entry indicates an amount of a token, bitcoin with a minuscule b. The user can update the ledger, assigning some of their bitcoin to another entry in the ledger. Because the token has characteristics of money, it can be thought of as a digital currency.

Public holiday

Public holiday

A public holiday, national holiday, or legal holiday is a holiday generally established by law and is usually a non-working day during the year.

Constitution Day (Ukraine)

Constitution Day (Ukraine)

Constitution Day is a Ukrainian public holiday celebrated on 28 June since 1996. It commemorates the anniversary of the approval by the Verkhovna Rada of the Constitution of Ukraine on 28 June 1996.

Constitution of Ukraine

Constitution of Ukraine

The Constitution of Ukraine is the fundamental law of Ukraine. The constitution was adopted and ratified at the 5th session of the Verkhovna Rada, the parliament of Ukraine, on 28 June 1996. The constitution was passed with 315 ayes out of 450 votes possible. All other laws and other normative legal acts of Ukraine must conform to the constitution. The right to amend the constitution through a special legislative procedure is vested exclusively in the parliament. The only body that may interpret the constitution and determine whether legislation conforms to it is the Constitutional Court of Ukraine. Since 1996, the public holiday Constitution Day is celebrated on 28 June.

Maksym Shapoval

Maksym Shapoval

Maksym Mykhaylovych Shapoval was a senior officer (Colonel) in the Ukrainian military and head of the special forces of the Chief Intelligence Directorate. Col. Shapoval had only recently returned from the conflict zone in eastern Ukraine, and on 27 June 2017, he was assassinated in a car bomb attack in central Kyiv. At the time of his death, Shapoval was investigating Russian involvement in Eastern Ukraine. He collected intel on their locations and weapons, which was able to substantiate Ukraine's position in the war criminal trial in The Hague on Russia's armed aggression. At the time, he was one of the most senior Ukrainian officials killed in action.

Kyiv

Kyiv

Kyiv, also spelled Kiev, is the capital and most populous city of Ukraine. It is in north-central Ukraine along the Dnieper River. As of 1 January 2022, its population was 2,952,301, making Kyiv the seventh-most populous city in Europe.

Georgia (country)

Georgia (country)

Georgia is a transcontinental country at the intersection of Eastern Europe and Western Asia. It is part of the Caucasus region, bounded by the Black Sea to the west, Russia to the north and northeast, Turkey to the southwest, Armenia to the south, and by Azerbaijan to the southeast. The country covers an area of 69,700 square kilometres (26,900 sq mi), and has a population of 3.7 million people. Tbilisi is its capital and largest city, home to roughly a third of the Georgian population.

Moldova

Moldova

Moldova, officially the Republic of Moldova, is a landlocked country in Eastern Europe. It is bordered by Romania to the west and Ukraine to the north, east, and south. The unrecognised state of Transnistria lies across the Dniester river on the country's eastern border with Ukraine. Moldova's capital and largest city is Chișinău.

Backdoor (computing)

Backdoor (computing)

A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device, or its embodiment. Backdoors are most often used for securing remote access to a computer, or obtaining access to plaintext in cryptosystems. From there it may be used to gain access to privileged information like passwords, corrupt or delete data on hard drives, or transfer information within autoschediastic networks.

ESET

ESET

ESET, s.r.o., is a Slovak software company specializing in cybersecurity. ESET's security products are made in Europe and provide security software in over 200 countries and territories worldwide, and its software is localized into more than 30 languages.

Attribution

On 30 June, the Security Service of Ukraine (SBU) reported it had seized the equipment that had been used to launch the cyberattack, claiming it to have belonged to Russian agents responsible for launching the attack.[35] On 1 July 2017 the SBU claimed that available data showed that the same perpetrators who in Ukraine in December 2016 attacked the financial system, transport and energy facilities of Ukraine (using TeleBots and BlackEnergy)[36] were the same hacking groups who attacked Ukraine on 27 June 2017. "This testifies to the involvement of the special services of Russian Federation in this attack," it concluded.[7][37] (A December 2016 cyber attack on a Ukrainian state energy computer caused a power cut in the northern part of the capital, Kyiv).[7] Russia–Ukraine relations are at a frozen state since Russia's 2014 annexation of Crimea followed by a Russian government-backed separatist insurgency in eastern Ukraine in which more than 10,000 people had died by late June 2017.[7] (Russia has repeatedly denied sending troops or military equipment to eastern Ukraine).[7] Ukraine claims that hacking Ukrainian state institutions is part of what they describe as a "hybrid war" by Russia on Ukraine.[7]

On 30 June 2017, cyber security firm ESET claimed that the Telebots group (which they claimed had links to BlackEnergy) was behind the attack: "Prior to the outbreak, the Telebots group targeted mainly the financial sector. The latest outbreak was directed against businesses in Ukraine, but they apparently underestimated the malware's spreading capabilities. That's why the malware went out of control."[7] ESET had earlier reported that BlackEnergy had been targeting Ukrainian cyber infrastructure since 2014.[38] In December 2016, ESET had concluded that TeleBots had evolved from the BlackEnergy hackers and that TeleBots had been using cyberattacks to sabotage the Ukrainian financial sector during the second half of 2016.[39]

Around the time of 4 July raid on MeDoc, the $10,000 in bitcoin already collected in the listed wallets for NotPetya had been collected, and experts believed it was used to buy space on the anonymous Tor network. One message posted there purportedly from the NotPetya authors demanded 100,000 bitcoin (about $2.6 million) to halt the attack and decrypt all affected files.[16] On 5 July 2017, a second message purportedly from the NotPetya authors was posted in a Tor website, demanding those that wish to decrypt their files send 100 bitcoin (approximately $250,000). The message was signed with the same private key used by the original Petya ransomware, suggesting the same group was responsible for both.[40]

According to reports cited in January 2018 the United States Central Intelligence Agency claimed Russia was behind the cyberattack, with Russia's Main Intelligence Directorate (GRU) having designed NotPetya.[41] Similarly, the United Kingdom Ministry of Defence accused Russia in February 2018 of launching the cyberattack, that by attacking systems in the Ukraine, the cyberattack would spread and affect major systems in the United Kingdom and elsewhere. Russia had denied its involvement, pointing out that Russian systems were also impacted by the attack.[42]

Wired technology writer Andy Greenberg, in reviewing the history of the cyberattacks, said that the attacks came from a Russian military hacker group called "Sandworm". Greenberg asserted that Sandworm was behind the 2016 blackouts in Kyiv, among other events. The group had been focusing on hacking into Ukraine's financial sector, and sometime in early 2017, had been able to gain access to M.E. Doc's update servers, so that it could be used maliciously to send out the cyberattack in June 2017.[19]

Discover more about Attribution related topics

Security Service of Ukraine

Security Service of Ukraine

The Security Service of Ukraine or SBU is the law enforcement authority and main intelligence and security agency of the Ukrainian government, in the areas of counter-intelligence activity and combating organized crime and terrorism. The Constitution of Ukraine defines the SBU as a military formation, and its staff are considered military personnel with ranks. It is subordinated directly under the authority of the president of Ukraine. The SBU also operates its own special forces unit, the Alpha Group.

BlackEnergy

BlackEnergy

BlackEnergy Malware was first reported in 2007 as an HTTP-based toolkit that generated bots to execute distributed denial of service attacks. In 2010, BlackEnergy 2 emerged with capabilities beyond DDoS. In 2014, BlackEnergy 3 came equipped with a variety of plug-ins. A Russian-based group known as Sandworm is attributed with using BlackEnergy targeted attacks. The attack is distributed via a Word document or PowerPoint attachment in an email, luring victims into clicking the seemingly legitimate file.

Russia–Ukraine relations

Russia–Ukraine relations

There are no diplomatic or bilateral relations between Ukraine and Russia. The two countries have been in a de facto state of war since 24 February 2022, although Russia has invaded Ukrainian Crimea and Donbas regions in February 2014. Following the Ukrainian Revolution of Dignity in 2014, Ukraine's Crimean Peninsula was occupied by unmarked Russian forces, and later illegally annexed by Russia, while pro-Russia separatists simultaneously engaged the Ukrainian military in an armed conflict for control over eastern Ukraine; these events marked the beginning of the Russo-Ukrainian War. In a major escalation of the conflict on 24 February 2022, Russia launched a full-scale invasion of the Ukrainian mainland across a broad front, causing Ukraine to sever all formal diplomatic ties with Russia.

War in Donbas (2014–2022)

War in Donbas (2014–2022)

The war in Donbas, or Donbas war, was an armed conflict in the Donbas region of Ukraine, part of the broader Russo-Ukrainian War.

Eastern Ukraine

Eastern Ukraine

Eastern Ukraine or east Ukraine is primarily the territory of Ukraine east of the Dnipro river, particularly Kharkiv, Luhansk and Donetsk oblasts (provinces). Dnipropetrovsk and Zaporizhzhia oblasts are often also regarded as "eastern Ukraine". In regard to traditional territories, the area encompasses portions of the southern Sloboda Ukraine, Donbas, the eastern Azov Littoral (Pryazovia).

ESET

ESET

ESET, s.r.o., is a Slovak software company specializing in cybersecurity. ESET's security products are made in Europe and provide security software in over 200 countries and territories worldwide, and its software is localized into more than 30 languages.

Public-key cryptography

Public-key cryptography

Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.

Central Intelligence Agency

Central Intelligence Agency

The Central Intelligence Agency, known informally as the Agency and historically as the company, is a civilian foreign intelligence service of the federal government of the United States, officially tasked with gathering, processing, and analyzing national security information from around the world, primarily through the use of human intelligence (HUMINT) and conducting covert action. As a principal member of the United States Intelligence Community (IC), the CIA reports to the Director of National Intelligence and is primarily focused on providing intelligence for the President and Cabinet of the United States. Following the dissolution of the Office of Strategic Services (OSS) at the end of World War II, President Harry S. Truman created the Central Intelligence Group under the direction of a Director of Central Intelligence by presidential directive on January 22, 1946, and this group was transformed into the Central Intelligence Agency by implementation of the National Security Act of 1947.

GRU

GRU

The Main Directorate of the General Staff of the Armed Forces of the Russian Federation, formerly the Main Intelligence Directorate, and still commonly known by its previous abbreviation GRU, is the foreign military intelligence agency of the General Staff of the Armed Forces of the Russian Federation. The GRU controls the military intelligence service and maintains its own special forces units.

Ministry of Defence (United Kingdom)

Ministry of Defence (United Kingdom)

The Ministry of Defence is the department responsible for implementing the defence policy set by His Majesty's Government, and is the headquarters of the British Armed Forces.

Wired (magazine)

Wired (magazine)

Wired is a monthly American magazine, published in print and online editions, that focuses on how emerging technologies affect culture, the economy, and politics. Owned by Condé Nast, it is headquartered in San Francisco, California, and has been in publication since March/April 1993. Several spin-offs have been launched, including Wired UK, Wired Italia, Wired Japan, and Wired Germany.

Andy Greenberg

Andy Greenberg

Andy Greenberg is a technology journalist serving as a senior writer at Wired magazine. He previously worked as a staff writer at Forbes magazine and as a contributor for Forbes.com. He has published the books This Machine Kills Secrets concerning whistleblowing as well as Sandworm, concerning the eponymous hacking group.

Affected companies

Companies affected include Antonov, Kyivstar, Vodafone Ukraine, lifecell, TV channels STB, ICTV and ATR, Kyiv Metro, UkrGasVydobuvannya (UGV), gas stations WOG, DTEK, EpiCentre K, Kyiv International Airport (Zhuliany), Prominvestbank, Ukrsotsbank, KredoBank, Oshchadbank and others,[13] with over 1,500 legal entities and individuals having contacted the National Police of Ukraine to indicate that they had been victimized by 27 June 2017 cyberattack.[43] Oshchadbank was again fully functional on 3 July 2017.[44] Ukraine's electricity company's computers also went offline due to the attack; but the company continued to fully operate without using computers.[8]

While more than 80% of affected companies were from Ukraine, the ransomware also spread to several companies in other geolocations, due to those businesses having offices in Ukraine and networking around the globe. Non-Ukrainian companies reporting incidents related to the attack include food processor Mondelez International,[45] the APM Terminals subsidiary of international shipping company A.P. Moller-Maersk, the FedEx shipping subsidiary TNT Express (in August 2017 its deliveries were still disrupted due to the attack),[46] Chinese shipping company COFCO Group, French construction materials company Saint Gobain,[47] advertising agency WPP plc,[48] Heritage Valley Health System of Pittsburgh,[49] law firm DLA Piper,[50] pharmaceutical company Merck & Co.,[51] consumer goods maker Reckitt Benckiser, and software provider Nuance Communications.[52] A Ukrainian police officer believes that the ransomware attack was designed to go global so as to distract from the directed cyberattack on Ukraine.[53]

The cost of the cyberattack had yet to be determined, as, after a week of its initial attack, companies were still working to mitigate the damage. Reckitt Benckiser lowered its sales estimates by 2% (about $130 million) for the second quarter primarily due to the attack that affected its global supply chain.[52][54] Tom Bossert, the Homeland Security adviser to the President of the United States, stated that the total damage was over US$10 billion.[19] Among estimated damages to specific companies included over US$870 million to Merck, US$400 million to FedEx, US$384 million to Saint-Gobain, and US$300 million to Maersk.[19]

Discover more about Affected companies related topics

Antonov

Antonov

Antonov State Enterprise, formerly the Aeronautical Scientific-Technical Complex named after Antonov, and earlier the Antonov Design Bureau, for its chief designer, Oleg Antonov, is a Ukrainian aircraft manufacturing and services company. Antonov's particular expertise is in the fields of very large aeroplanes and aeroplanes using unprepared runways. Antonov has built a total of approximately 22,000 aircraft, and thousands of its planes are operating in the former Soviet Union and in developing countries.

Kyivstar

Kyivstar

Kyivstar is a Ukrainian telecommunications company, providing communication services and data transmission based on a broad range of fixed and mobile technologies, including 4G (LTE) in Ukraine.

Lifecell

Lifecell

lifecell ) is the third largest Ukrainian mobile telephone network operator, covering 98.82% of Ukrainian inhabited territory. The company is wholly owned by Turkcell. Lifecell's dialing prefixes are +38063, +38093 and +38073.

ICTV (Ukraine)

ICTV (Ukraine)

ICTV is a privately held TV channel in Ukraine. Its coverage area allows it to be received by 56.6% of the Ukrainian population, making the channel the fourth in the nation in terms of coverage, and third by the viewers' ratings.

ATR (TV channel)

ATR (TV channel)

ATR is a Ukrainian TV Channel whose target audience is Crimean Tatars. It was broadcasting in Crimea, Ukraine from 1 September 2006 until 1 April 2015 when it was forced to shut down by annexing Russian authorities after failing to register under Russian law. In mid-June 2015 the channel resumed its broadcasting in mainland Ukraine and has since then been located in Kyiv. When located in Crimea most of the channel's programs were in Russian (60%) with 35% in Crimean Tatar and 5% in Ukrainian. The channel uses Tamga as its brand logo.

Kyiv Metro

Kyiv Metro

The Kyiv Metro is a rapid transit system in Kyiv owned by the Kyiv City Council and operated by the city-owned company Kyivsky Metropoliten. It was initially opened on November 6th, 1960, as a single 5.24 km (3.26 mi) line with five stations. It was the first rapid transit system in Ukraine and the third in the Soviet Union, after the Moscow and St. Petersburg metros.

DTEK

DTEK

DTEK is the largest private investor in the energy industry in Ukraine. The company's enterprises generate electricity at solar, wind and thermal power plants; extract coal and natural gas, trade energy products in the Ukrainian and foreign markets, distribute and supply electricity to consumers, and develop a grid of supercharger stations for e-vehicles.

Kyiv International Airport (Zhuliany)

Kyiv International Airport (Zhuliany)

Ihor Sikorsky Kyiv International Airport (Zhuliany) (Ukrainian: Міжнародний аеропорт «Київ» імені Ігоря Сікорського (Жуляни)) (IATA: IEV, ICAO: UKKK) is one of the two passenger airports of the Ukrainian capital Kyiv, the other being Boryspil International Airport (also used for Kyiv). It is owned by the municipality of Kyiv and located in the Zhuliany neighbourhood, about seven kilometres (four nautical miles) southwest of the city centre. Aside from facilitating regular passenger flights, Kyiv International Airport is also the main business aviation airport in Ukraine, and one of the busiest business aviation hubs in Europe.

KredoBank

KredoBank

PJSC "KredoBank" is the bank with the largest Polish investment in banking institution in Ukraine. Kredobank's national network contains 88 outlets throughout Ukraine. 100% of Kredobank's shares belong to PKO Bank Polski, the biggest bank of Poland. KREDOBANK is a member of the Independent Association of Ukrainian banks and European Business Association. Also, Kredobank is a member of such international payment systems, as MasterCard Worldwide, Visa International and the Deposit Guarantee Fund. The bank has the highest national credit rank - uaAAA by Standart-Rating and Expert-Rating rating agencies.

National Police of Ukraine

National Police of Ukraine

The National Police of Ukraine, often simply referred to as the Politsiya, is the national, and only, police service of Ukraine. It was formed on 3 July 2015, as part of the post-Euromaidan reforms launched by Ukrainian president Petro Poroshenko, to replace Ukraine's previous national police service, the Militsiya. On 7 November 2015, all the remaining militsiya were labelled "temporary acting" members of the National Police.

Energy Company of Ukraine

Energy Company of Ukraine

Energy Company of Ukraine is a dissolved state-owned holding company for electricity assets in Ukraine under Ministry of Fuel and Energy. On 4 September 2014, the Government of Ukraine decided to dissolve the company. The process should be carried out within five months.

Mondelez International

Mondelez International

Mondelez International, Inc., styled as Mondelēz International, is an American multinational confectionery, food, holding and beverage and snack food company based in Chicago. Mondelez has an annual revenue of about $26 billion and operates in approximately 160 countries. It ranked No. 108 in the 2021 Fortune 500 list of the largest United States corporations by total revenue.

Reaction

Secretary of the National Security and Defence Council of Ukraine Oleksandr Turchynov claimed there were signs of Russian involvement in the 27 June cyberattack, although he did not give any direct evidence.[55] Russian officials have denied any involvement, calling Ukraine's claims "unfounded blanket accusations".[35] NATO Secretary-General Jens Stoltenberg vowed on 28 June 2017 that NATO would continue its support for Ukraine to strengthen its cyber defence.[56] The White House Press Secretary released a statement on 15 February 2018 attributing the attack to the Russian military, calling it "the most destructive and costly cyberattack in history."[57]

Discover more about Reaction related topics

Oleksandr Turchynov

Oleksandr Turchynov

Oleksandr Valentynovych Turchynov is a Ukrainian politician, screenwriter, Baptist minister and economist. He is the former Secretary of the National Security and Defence Council of Ukraine.

NATO

NATO

The North Atlantic Treaty Organization, also called the North Atlantic Alliance, is an intergovernmental military alliance between 30 member states – 28 European and two North American. Established in the aftermath of World War II, the organization implemented the North Atlantic Treaty, signed in Washington, D.C., on 4 April 1949. NATO is a collective security system: its independent member states agree to defend each other against attacks by third parties. During the Cold War, NATO operated as a check on the perceived threat posed by the Soviet Union. The alliance remained in place after the dissolution of the Soviet Union and has been involved in military operations in the Balkans, the Middle East, South Asia, and Africa. The organization's motto is animus in consulendo liber.

Jens Stoltenberg

Jens Stoltenberg

Jens Stoltenberg is a Norwegian politician who has been serving as the 13th Secretary General of NATO since 2014. A member of the Norwegian Labour Party, he previously served as the 34th Prime Minister of Norway from 2000 to 2001, and again from 2005 until 2013.

Source: "2017 Ukraine ransomware attacks", Wikipedia, Wikimedia Foundation, (2022, December 29th), https://en.wikipedia.org/wiki/2017_Ukraine_ransomware_attacks.

Enjoying Wikiz?

Enjoying Wikiz?

Get our FREE extension now!

Download Extension

Further Reading

ESET

Ransomware

Cyberwarfare

Wiper (malware)

Cyberattack

CryptoLocker

WannaCry ransomware attack

Petya and NotPetya

Ryuk (ransomware)

2022 Ukraine cyberattacks
See also
References
  1. ^ a b c d e f Rothwell, James; Titcomb, James; McGoogan, Cara (27 June 2017). "Petya cyber attack: Ransomware spreads across Europe with firms in Ukraine, Britain and Spain shut down". The Daily Telegraph. Archived from the original on 16 February 2018. Retrieved 5 April 2018.
  2. ^ a b c d e "Tax software blamed for cyber-attack spread". BBC News. 28 June 2017. Archived from the original on 28 June 2017. Retrieved 28 June 2017.
  3. ^ a b c Turner, Giles; Verbyany, Volodymyr; Kravchenko, Stepan (27 June 2017). "New Cyberattack Goes Global, Hits WPP, Rosneft, Maersk". Bloomberg. Archived from the original on 5 November 2019. Retrieved 27 June 2017.
  4. ^ "Businesses warned again to update patches as Petya ransomware hits Australian offices". Financial Review. 28 June 2017. Archived from the original on 30 June 2017. Retrieved 3 July 2017.
  5. ^ "Oleksandr Turchynov: One of the mechanisms for spreading a dangerous computer virus was a system for updating the accounting software – National Security and Defense Council of Ukraine". RNBO. Archived from the original on 19 October 2017. Retrieved 30 June 2017.
  6. ^ "SBU establishes involvement of the RF special services into Petya.A virus-extorter attack". Security Service of Ukraine. Archived from the original on 19 October 2017. Retrieved 4 July 2017.
  7. ^ a b c d e f g "Ukraine points finger at Russian security services in recent cyber attack". Reuters. 1 July 2017. Archived from the original on 1 July 2017. Retrieved 1 July 2017.
  8. ^ a b c d Borys, Christian (26 July 2017). "Ukraine braces for further cyber-attacks". BBC News. Archived from the original on 26 July 2017. Retrieved 26 July 2017.
  9. ^ Russian military was behind ‘NotPetya’ cyberattack in Ukraine, CIA concludes Archived 13 January 2018 at the Wayback Machine Washington Post, 2018
  10. ^ Prentice, Alessandra (27 June 2017). "Ukrainian banks, electricity firm hit by fresh cyber attack". Reuters. Archived from the original on 16 July 2019. Retrieved 27 June 2017.
  11. ^ Scott, Nicole Perlroth, Mark; Frenkel, Sheera (27 June 2017). "Cyberattack Hits Ukraine Then Spreads Internationally". The New York Times. ISSN 0362-4331. Archived from the original on 13 April 2018. Retrieved 4 July 2017.
  12. ^ "Global ransomware attack causes chaos". BBC News. 27 June 2017. Archived from the original on 27 June 2017. Retrieved 27 June 2017.
    Burgess, Matt. "There's another 'worldwide' ransomware attack and it's spreading quickly". Wired UK. Archived from the original on 31 December 2017. Retrieved 27 June 2017.
  13. ^ a b c Cyber attack on Ukrainian government and corporate networks halted Archived 11 May 2020 at the Wayback Machine, Ukrinform (28 June 2017)
  14. ^ "Companies still hobbled from fearsome cyberattack". Associated Press. 30 June 2017. Archived from the original on 19 October 2017. Retrieved 3 July 2017.
  15. ^ a b c d e Kramer, Andrew (28 June 2017). "Ukraine Cyberattack Was Meant to Paralyze, not Profit, Evidence Shows". The New York Times. Archived from the original on 29 June 2017. Retrieved 29 June 2017.
  16. ^ a b c Satter, Raphael (5 July 2017). "Ukraine says it foiled 2nd cyberattack after police raid". The Washington Post. Associated Press. Retrieved 5 July 2017.
  17. ^ Frenkel, Sheera (27 June 2017). "Global Ransomware Attack: What We Know and Don't Know". The New York Times. Archived from the original on 27 June 2017. Retrieved 28 June 2017.
  18. ^ Красномовец, Павел (24 May 2017). "Все, что известно про вирус-вымогатель XData: кто под угрозой и что делать". AIN.UA (in Russian). Archived from the original on 28 June 2017. Retrieved 29 June 2017.
  19. ^ a b c d Greenberg, Andy (23 August 2018). "The Untold Story of NotPetya, the Most Devastating Cyberattack in History". Wired. Archived from the original on 22 August 2018. Retrieved 23 August 2018.
  20. ^ a b Borys, Christian (4 July 2017). "The day a mysterious cyber-attack crippled Ukraine". BBC. Archived from the original on 7 July 2017. Retrieved 8 July 2017.
  21. ^ Polityuk, Pavel (29 June 2017). "Global cyber attack likely cover for malware installation in Ukraine: police official". Reuters. Archived from the original on 29 June 2017. Retrieved 29 June 2017.
  22. ^ Petroff, Alanna (30 June 2017). "Experts: Global cyberattack looks more like 'sabotage' than ransomware". CNN. Archived from the original on 1 July 2017. Retrieved 30 June 2017.
  23. ^ Petroff, Alanna (28 June 2017). "Europol: There's no 'kill switch' for malware attack". CNN. Archived from the original on 19 October 2017. Retrieved 30 June 2017.
  24. ^ Griffin, Andrew (27 June 2017). "Chernobyl's radiation monitoring system has been hit by the worldwide cyber attack". The Independent. Archived from the original on 18 August 2019. Retrieved 27 June 2017.
  25. ^ Dearden, Lizzie (27 June 2017). "Ukraine cyber attack: Chaos as national bank, state power provider and airport hit by hackers". The Independent. Archived from the original on 30 August 2019. Retrieved 27 June 2017.
  26. ^ "Cyber-attack was about data and not money, say experts". BBC News. 29 June 2017. Archived from the original on 29 June 2017. Retrieved 29 June 2017.
    "Tuesday's massive ransomware outbreak was, in fact, something much worse". Ars Technica. 28 June 2017. Archived from the original on 17 July 2017. Retrieved 28 June 2017.
  27. ^ 1996: THE YEAR IN REVIEW Archived 3 March 2016 at the Wayback Machine, The Ukrainian Weekly (29 December 1996)
  28. ^ Lee, David (28 June 2017). "'Vaccine' created for huge cyber-attack". BBC News. Archived from the original on 28 June 2017. Retrieved 28 June 2017.
  29. ^ "Cyberattack Hits Ukraine Then Spreads Internationally". The New York Times. 27 June 2017. Archived from the original on 27 June 2017. Retrieved 28 June 2017.
  30. ^ Luhn, Alec. "Ukrainian military intelligence officer killed by car bomb in Kiev". The Guardian. Archived from the original on 13 April 2019. Retrieved 28 June 2017.
  31. ^ McKew, Molly (27 June 2017). "A killing in Kiev shows how the West continues to fail Ukraine". The Washington Post. Archived from the original on 27 June 2017. Retrieved 28 June 2017.
  32. ^ Stubbs, Jack (5 July 2017). "Ukraine scrambles to contain new cyber threat after NotPetya attack". Reuters. Archived from the original on 7 July 2017. Retrieved 5 July 2017.
  33. ^ a b Goodin, Dan (5 July 2017). "Backdoor built in to widely used tax app seeded last week's NotPetya outbreak". Ars Technica. Archived from the original on 8 July 2017. Retrieved 5 July 2017.
  34. ^ Satter, Raphael (3 July 2017). "Official: firm at center of cyberattack knew of problems". Associated Press. Archived from the original on 5 July 2017. Retrieved 7 July 2017.
  35. ^ a b "Ukraine Says Seized Equipment Used by Russia to Launch Malware Attacks". The NY Times. Reuters. 30 June 2017. Archived from the original on 30 June 2017. Retrieved 30 June 2017.
  36. ^ "Software: BlackEnergy, Black Energy – ATT&CK". attack.mitre.org. Archived from the original on 19 October 2017. Retrieved 4 July 2017.
  37. ^ "Ukraine Security Service Blames Russia For Recent Cyberattack". Radio Free Europe. 1 July 2017. Archived from the original on 1 July 2017. Retrieved 1 July 2017.
  38. ^ "Russian" BlackEnergy malware strikes at Ukrainian media and energy firms Archived 15 March 2017 at the Wayback Machine’, SC Magazine (4 January 2016)
  39. ^ Telebots cybergang toolset reminiscent of BlackEnergy Archived 19 October 2017 at the Wayback Machine’, SC Magazine (15 December 2016)
  40. ^ Brandom, Russell (5 July 2017). "Petya ransomware authors demand $250,000 in first public statement since the attack". The Verge. Archived from the original on 6 July 2017. Retrieved 5 July 2017.
  41. ^ Nakashima, Ellen (12 January 2018). "Russian military was behind 'NotPetya' cyberattack in Ukraine, CIA concludes". The Washington Post. Archived from the original on 13 January 2018. Retrieved 15 February 2018.
  42. ^ Marsh, Sarah (15 February 2018). "UK blames Russia for NotPetya cyber-attack last year". The Guardian. Archived from the original on 15 February 2018. Retrieved 15 February 2018.
  43. ^ Virus Petya has hurt more than 1,5 thousand legal entities and individuals Archived 2 July 2017 at the Wayback Machine’, Ukrayinska Pravda (29 June 2017) (in Ukrainian).
  44. ^ "Oschadbank" resume the work of all departments on July 3 Archived 19 October 2017 at the Wayback Machine’, Ukrayinska Pravda (1 July 2017) (in Ukrainian).
  45. ^ Voß, Oliver (3 July 2017). "Milka-Fabrik steht seit einer Woche still". Tagesspiegel (in German). Archived from the original on 5 July 2017. Retrieved 5 July 2017.
  46. ^ Customers 'furious' with TNT after cyber-attack meltdown Archived 1 June 2018 at the Wayback Machine, BBC News (9 August 2017)
  47. ^ Auchard, Eric; Stubbs, Jack; Prentice, Alessandra (29 June 2017). "New computer virus spreads from Ukraine to disrupt world business". Reuters. Archived from the original on 28 June 2017. Retrieved 30 June 2017.
  48. ^ Perlroth, Nicole; Scott, Mark; Frenkel, Sheera (27 June 2017). "Cyberattack Hits Ukraine Then Spreads Internationally". The New York Times. Archived from the original on 13 April 2018. Retrieved 6 July 2017.
  49. ^ Henley, Jon; Solon, Olivia (27 June 2017). "'Petya' ransomware attack strikes companies across Europe and US". The Guardian. Archived from the original on 1 May 2021. Retrieved 6 July 2017.
  50. ^ Petroff, Alanna; Larson, Selena (28 June 2017). "Another big malware attack ripples across the world". CNN. Archived from the original on 5 July 2017. Retrieved 6 July 2017.
  51. ^ Massarella, Linda (27 June 2017). "Europe cyberattack also breaches Merck headquarters in US". New York Post. Archived from the original on 5 July 2017. Retrieved 5 July 2017.
  52. ^ a b Perlroth, Nicole (6 July 2017). "Lasting Damage and a Search for Clues in Cyberattack". The New York Times. Archived from the original on 7 July 2017. Retrieved 7 July 2017.
  53. ^ Polityuk, Pavel; Auchard, Eric (29 June 2017). "Global cyber attack likely cover for malware installation in Ukraine: police official". Kiev, Frankfurt: Reuters. Archived from the original on 29 June 2017. Retrieved 30 June 2017.
  54. ^ Geller, Martinne; Sandle, Paul (6 July 2017). "Reckitt Benckiser trims sales forecasts after cyber attack". Reuters. Archived from the original on 6 July 2017. Retrieved 6 July 2017.
  55. ^ Ukraine Is 'Ground Zero' For Hackers In Global Cyberattacks Archived 1 July 2017 at the Wayback Machine, Radio Free Europe (28 June 2017 )
  56. ^ Stoltenberg: NATO to increase aid to Ukraine in field of cyber defense Archived 2 November 2017 at the Wayback Machine, Ukrinform (28 June 2017)
  57. ^ "Statement from the Press Secretary". whitehouse.gov. Archived from the original on 3 February 2021. Retrieved 11 October 2019 – via National Archives.
External links
Categories

The content of this page is based on the Wikipedia article written by contributors..
The text is available under the Creative Commons Attribution-ShareAlike Licence & the media files are available under their respective licenses; additional terms may apply.
By using this site, you agree to the Terms of Use & Privacy Policy.
Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization & is not affiliated to WikiZ.com.