Ukraine blames Russia for covering up targeted cyberattack

Ukraine has been affected the most during Petya outbreak

Petya ransomware has been keeping the cyber community on their toes lately as its new campaign has hit the web with a new force. Germany, Norway, France, the Netherlands, UK were among the affected, but no country has suffered it worse than Ukraine ^[1].

This Eastern European country became a hotspot of Petya-related cyber attacks way before the virus spread in other parts of the continent and, eventually, the world. According to the cyber security giant Kaspersky, more than 60 percent of all incidents so far were reported by the Ukrainian users, businesses and institutions.

It wasn’t long until the Ukrainian security service, known as SBU issued a public announcement which gave voice to the idea that that has been circling the minds of the local citizens. SBU claimed that Petya attacks were a deliberately and carefully planned by the Russian special services with the purpose of destabilizing and crippling the country’s infrastructure. The SBU believe that Petya’s spread outside the Ukraine was a mere cover-up, which made the incident look like yet another ransomware breach in the eyes of the rest of the cyber community.

SBU reveal suspicious connections

• The first thing that SBU researchers are certain of is that Kremlin has chosen June 27th as the day of the attack on purpose. The date marks an eve of Ukraine’s Constitution Day, and it is quite symbolic that the country's stability and integrity were threatened on the day that should represent these values.
• Secondly, the security service points out the obvious connections of the current attacks and the events that took place back in December 2016. With the help of professional security investigators, SBU uncovered that back then, and now the attackers have used Telebots and BlackEnergy malware-based attacks to carry out the attacks ^[2].
• Finally, the attacks were primarily targeted toward large Ukrainian organizations, governmental institutions, telecommunication providers, banks and other important cornerstones of the country's infrastructure. Needless to say, these targets are exactly the same when it comes to the military operations that the Russian-funded separatists carry out on land.

Experts warn about new hybrid cyber attacks

ESET representatives claim that the Telebots group which is now associated with the Petya attacks in Ukraine may be planning new series of attacks which will involve even more sophisticated techniques of attacking the targeted systems. Even now hackers longer relied on Master Boot Record or email spear phishing to infiltrate devices but employ sophisticated exploit kits, and leveraged network vulnerabilities reach their targets.

Experts strongly advice all businesses, institutions and organizations to update their operating systems to the supported versions which receive regular security updates and take other necessary precautions to prevent ransomware attacks.