Accessibility links

Breaking News

Ukraine, Russia, Poland Still Grappling With Major New Ransomware Attack


People try to enter a closed branch of Oschadbank in Kyiv on June 27, after many banks were hit by a massive cyberattack.
People try to enter a closed branch of Oschadbank in Kyiv on June 27, after many banks were hit by a massive cyberattack.

Companies across the world are still grappling with the effects of a major new ransomware cyberattack that struck their computer systems, with Ukrainian firms and government sites among the worst hit.

Ukraine initially seemed to be the target of the cyberattack, which started on June 27, affecting websites of banks and major industrial enterprises, but it also hit other countries and international companies around the world.

The virus's pace appeared to slow by June 28, partly because the malware seemed to require direct contact between computer networks, a factor that may have limited its spread in regions with fewer connections to Ukraine.

However, businesses in the Asia-Pacific region reported some disruptions on June 28 with the operations of several European companies hit.

Mysterious Shadowbrokers

Like last month's outbreak of ransomware, dubbed WannaCry, the new attack spread by using the EternalBlue intrusion tool that cybersecurity experts believe was created by the U.S. National Security Agency (NSA) and released online by a still-mysterious group known as the Shadowbrokers.​

The malicious software freezes the user's computer until an untraceable ransom is paid in the digital Bitcoin currency.

Russian antivirus firm Kaspersky Lab said it had traced some 2,000 attacks -- most of them in Ukraine, Russia, and Poland.

Ukraine reported heavy disruption from the malware, with computer networks of the government, banks, the state power distributor, the postal service, and Kyiv's international airport being affected.

Radiation monitoring at the Chernobyl nuclear facility had to be performed manually due to a related systems failure.

Ukrainian Prime Minister Volodymyr Hroysman said on June 27 that his country was suffering an "unprecedented" cyberattack but that "vital systems" were not being affected.

The Ukrainian government said on June 28 that it had managed to restore its computer networks after they went down.

"The situation is under the full control of cybersecurity specialists," a statement said. "They are currently working on recovering lost data."

Kremlin spokesman Dmitry Peskov said on June 28 that the cyberattack caused no serious problems at a corporate or state level in Russia.

Other Countries Hit

Russia's central bank said there were isolated cases of lenders' IT systems being infected. One consumer lender, Home Credit, had to suspend client operations.

Rosneft, Russia's largest oil company and one of the world's biggest crude producers by volume, said its servers were attacked but that oil production was not affected because it switched over to backup systems.

Elsewhere, British advertising firm WPP, U.S. law company DLA Piper, and Danish shipping giant A.P. Moller-Maersk were also infected.

The White House National Security Council said government agencies were investigating the attack and that the United States was "determined to hold those responsible accountable."

The U.S. Department of Homeland Security advised those targeted by the attacks not to pay the ransom, saying there was no guarantee that access to files would be restored. It said it was monitoring the attacks and coordinating with other countries.

Speaking on June 28 at a press conference in Brussels, NATO Secretary-General Jens Stoltenberg said that the cyberattack "underlines the importance of strengthening our cyberdefenses and that is exactly what NATO is doing."

No 'Kill Switch'

Security experts believe the impact of the current attack will be smaller than WannaCry, which hit hundreds of thousands of computers worldwide after it emerged on May 12.

The experts say many computers have been patched with Windows updates in the wake of last month's WannaCry attack to protect them against attacks using the same EternalBlue exploit,

Nonetheless, the attack could be more dangerous than traditional strains of ransomware because it makes computers unresponsive and unable to reboot, they say.

Meanwhile, the BBC reported on June 28 that security researchers have discovered a "vaccine" for the cyberattack -- a single file that can stop the attack from infecting a machine.

However, it said, experts could not find a so-called kill switch that would block the ransomware from spreading to other vulnerable computers.

With reporting by Reuters, AFP, and the BBC
  • 16x9 Image


    RFE/RL journalists report the news in 27 languages in 23 countries where a free press is banned by the government or not fully established. We provide what many people cannot get locally: uncensored news, responsible discussion, and open debate.

RFE/RL has been declared an "undesirable organization" by the Russian government.

If you are in Russia or the Russia-controlled parts of Ukraine and hold a Russian passport or are a stateless person residing permanently in Russia or the Russia-controlled parts of Ukraine, please note that you could face fines or imprisonment for sharing, liking, commenting on, or saving our content, or for contacting us.

To find out more, click here.