Huge Cyber Attack Hits Ukraine, Then Ransomware Goes Global

When computers throughout vital industries started freezing late Tuesday morning, Ukraine knew it was in trouble. And then, there were the murders ...

Photo Illustration by Elizabeth Brockway/The Daily Beast

LVIV, Ukraine—At about 11:00 on Tuesday morning, local time, Ukraine found itself under a massive cyber attack: dozens of state and private websites and computer systems at strategic companies reported their websites frozen with the same message on the screen that said: “Ooops, your important files encrypted.” Soon, that message was spreading around the world.

The list of companies included the computer systems at Borispol airport, the biggest state power distributor Ukrenergo, several banks and the state mail service.

The systems froze with black and red icons on the screens giving instructions, with one of them suggesting that the users send $300 worth of bitcoins to a certain online address.  By midday Ukrainian cyber police reported 22 companies hit by the attack, which the specialists said had a gentle Russian name, a diminutive for Peter: “Petya.A.”

One of the Ukrainian companies under attack complained to the cyber specialists that on Tuesday morning all its computers first rebooted, then began to check their memory; and when employees turned their computers off to then plug them back in, they saw the black and red warning, the message from the virus. Ukrainian IT specialists said that the Petya.A virus reminded them of the WannaCry ransomware that recently hit North America, Europe, China, and Japan.

To try to prevent the cyber-plague from spreading, Ukraine’s National Police cyber specialists immediately answered calls and checked the affected computers, the department’s spokesman, Yaroslav Trakalo, said on his Facebook page. “Cyber police advise to immediately unplug computers working in the network at the first signs of problems,” Trakalo said.

By mid-afternoon an advisor to the Interior Minister of Ukraine, Anton Gerashchenko, claimed that the cyber attack was staged by Russian special services as an element of the Kremlin's hybrid war against Kiev: “According to the preliminary information, this is an organized system, a kind of training by the Russian intelligence services,” Gerashchenko said. “The attack aims at banks, media, and transport communications," he told Ukraine TV.

Note that all this came at a grim, busy time for Kiev’s investigators. Also on Tuesday morning police had to investigate two murder cases. A Mercedes Benz with Colonel Maksim Shapoval, a key intelligence officer, blew up at the corner of Solomenskaya and Alekseyevskaya streets. And then there was the body of a 27-year-old foreign citizen found in his rented Kiev apartment: the foreigner was shot in the head, chest, and arm. Kiev police reports did not state which country the victim came from.  

Col. Shapoval was the key person investigating Russia’s involvement in the Donbas war in Eastern Ukraine. “The assassinated colonel of the Defense Intelligence of Ukraine was working on proof of Russia’s aggression: the victory at the Hague court was achieved, thanks to his work,” the Ukrainian Independent Information Agency UNIAN reported on Tuesday, referring. (The U.N. websites with that decision about Russian terrorism in Ukraine are now blank.)

“Shapoval had a good reputation but the case might be even more complicated, as according to some reports he organized security for Voronenkov,” a local investigative reporter Yekaterina Sergatskova told The Daily Beast.

Former Russian deputy Voronenkov was gunned down in the heart of Kiev in March. His bodyguard killed the assassin.

If this time police investigation proved that Shapoval was a victim of a bomb planted in his car, which appeared obvious, it would be the second case of the same dark nature in Kiev. Last July somebody planted a bomb and killed a famous journalist and fighter for freedom of speech, Pavel Sheremet, when the reporter was driving to work. Ukraine is still waiting for the results of investigations into that crime.

Meanwhile major Russian companies, including the oil giant Rosneft and Home Credit bank, also complained of a massive hacker attack. Vedomosti newspaper reported WannaCry virus attacking all computers at Rosneft subsidiaries; none of the official Rosneft websites could be opened. Office workers at Modelez, at chocolate producer Alpen Gold and Milka and Mars complained about problems with the same virus Petya. A, attacking computer systems in companies based in Russia.

Get The Beast In Your Inbox!

Daily Digest

Start and finish your day with the top stories from The Daily Beast.

Cheat Sheet

A speedy, smart summary of all the news you need to know (and nothing you don't).

By clicking “Subscribe,” you agree to have read the Terms of Use and Privacy Policy
Thank You!
You are now subscribed to the Daily Digest and Cheat Sheet. We will not share your email with anyone for any reason.

In Ukraine neither the website of the National Police of Ukraine, nor the official website of the Internal Affairs Ministry could be opened.

"At present SBU specialists jointly with the State Service of Special Communications and Information Protection, and the cyber police department, representatives of anti-virus labs are studying the samples of this piece of ransomware and working on its neutralization,” the Ukrainian Security Service, SBU said on its website. “ Soon recommendations how to protect yourself from the above-mentioned cyber-attack will be given."

But by the time that message went out, the ransomware was spreading across Europe, and around the world.