SBU establishes involvement of the RF special services into Petya.A virus-extorter attack
The cyber-attack, taking place on June 27, 2017 against state institutions, facilities of financial, power-generating and transport sector and also private enterprises by means of malware “Petya.A” is aimed at task-oriented destabilization of social and political situation in the country.
According to the SBU researches, the infection was planned and conducted in advance. It took place in several stages and started the day before of state National Day. The cyber-attack gives the impression of usual ransomeware type virus (software for money extortion), created for offenders treatment. In fact the virus is a cover of large-scale attack, oriented against Ukraine.
It stands to mention originality and singularity of large-scale vector of infection, connecting with the usage of applied book-keeping software. According to the SBU sources data it occurred only once during cyber-attack from the side of North Korea.
Now therefore, the main task of virus is destroying of important data and disorder in state and private institutions of Ukraine for distribution of panic feelings among population.
The data available afford ground for believe that in the attacks involved the same hackish groups that in December 2016 attacked financial system, transport and power-generating facilities with the usage of “TeleBots” and “Blackenergy” malware. This testifies about involvement of the RF special services in this attack.
The SBU in the interaction with the National police, the SSC, partner law-enforcement bodies, international antivirus companies and leading producers of telecommunication and software continues conduct events, aimed at localization of cyber-attack consequences.
It should be recalled that the SBU published updated guidelines on protection of computers from virus-extorter attack.
For the Attention of the SBU Head