Research by cyber security companies point to a Russian involvement.
On Saturday, Ukraine’s state security service pointed the finger of blame for the recent cyberattacks on Russian security services, saying the attacks were aimed at destroying important data and spreading chaotic panic.
Ukraine’s SBU stated the attacks, which began in Ukraine and spread across the globe, were from the same hackers who had attacked the Ukrainian power grid in December 2016.
Dubbed as NotPetya by cyber security experts, cyber security companies are slowly piecing together the puzzle of who was behind the computer worm which disrupted the services of banks, a chocolate factory in Australia as well as international shipping.
Incidentally, the attack also hit major Russian firms, leading a few cyber security experts to say that Moscow was not behind the attack.
The worm was similar to the WannaCry ransomware. Ukrainian officials however said, the ransomware feature of the new worm was most likely a smokescreen.
Relations between Ukraine and Russia nosedived after the latter annexed Crimea in 2014. Kremlin-backed separatist in eastern Ukraine have killed more than 10,000 people.
“The available data, including those obtained in cooperation with international antivirus companies, give us reason to believe that the same hacking groups are involved in the attacks, which in December 2016 attacked the financial system, transport and energy facilities of Ukraine using TeleBots and BlackEnergy,” said the SBU.
“This testifies to the involvement of the special services of Russian Federation in this attack.”
On Friday, the SBU had released a statement saying it had seized equipment belonged to Russian agents in May and June to launch cyberattacks against Ukraine and other countries.
In reference to the new ransomware worm that demanded $300, the SBU said “the virus is cover for a large-scale attack on Ukraine. This is evidenced by a lack of a real mechanism for taking possession of the funds … enrichment was not the aim of the attack.”
“The main purpose of the virus was the destruction of important data, disrupting the work of public and private institutions in Ukraine and spreading panic among the people.”
In December 2016, a cyberattack on a Ukraine’s state energy computer had caused a power cut in the northern part of the capital Kiev.
SBU’s accusations have found resonance from the findings of Slovakia-based cyber security firm ESET which published its research on Friday saying the Telebots group, which has links to BlackEnergy, was behind the attack.
“Collecting ransom money was never the top priority for the TeleBots group,” reads the ESET report. While it confirms that Ukraine was the target, the worm spread globally as it “affected companies in other countries had VPN connections to their branches, or to business partners, in Ukraine.”
“The TeleBots group continues to evolve in order to conduct disruptive attacks against Ukraine,” reads the ESET report. “Prior to the outbreak, the Telebots group targeted mainly the financial sector. The latest outbreak was directed against businesses in Ukraine, but they apparently underestimated the malware’ spreading capabilities. That’s why the malware went out of control.”