KIEV, Ukraine — Ukraine has dodged a second cyberattack, officials said Wednesday, suggesting that the digital campaign which paralyzed computers across the country and around the world is still ongoing.
Ukraine is still trying to find its feet after scores or even hundreds of businesses and government agencies were hit by an explosion of data-scrambling software on June 27. In a Facebook post, Interior Minister Arsen Avakov said there was a second stage to that attack, timed to hit its peak at 4 p.m. in Ukraine on July 4.
Avakov said the second strike — like the first one — originated from servers at the Ukrainian tax software company M.E. Doc, which sheds a little more light on Tuesday’s heavily armed raid on M.E. Doc’s office and the seizure of its servers. Video released Wednesday showed men in camouflage carrying assault-style weapons storming the company’s modest offices in Kiev as office workers calmly watched them. Police spokeswoman Yulia Kvitko said there were no arrests.
“We prevented the initiation of the second wave of viruses,” Yaroslav Trakalo, another police spokesman, said in the video released Wednesday. He said investigators have already found “evidence of Russian presence on these servers,” although he did not elaborate.
Ukraine has blamed the Kremlin for the attack that sowed chaos. Kremlin officials routinely deny claims of electronic interference in Ukraine and elsewhere.
The raid on M.E. Doc caps a week of increasingly implausible claims from the company that it was not at the heart of the outbreak. On Wednesday the firm reversed itself, acknowledging that it had been broken into and used by hackers to seed the malware epidemic.
It’s not clear what the thrust or scope of the second cyberattack in Ukraine was, but M.E. Doc is widely used across Ukraine, making it a tempting springboard for hackers. An executive at the company was quoted by Interfax-Ukraine as saying the software was installed on 1 million machines across the country.
How many of those machines have been infected is an open question.
The June 27 attack initially seemed to be a particularly aggressive form of ransomware, but many analysts who picked it apart later said it appeared to be a thinly disguised attempt to destroy data and sow chaos. Some said the malware epidemic was likely state-backed, and Ukrainian officials have squarely put the blame on the Kremlin.
In the meantime, the online wallet carrying roughly $10,000 worth of digital currency extorted by the cyber attackers was emptied around the time of the July 4 raid, according to Bitcoin’s public ledger. Information security experts say some of the money appears to have been used to purchase space on a darknet text storage site, where a statement demanding 100,000 bitcoin, or roughly $2.6 million, in exchange for unscrambling all the affected files materialized shortly thereafter.
It’s impossible to determine whether the offer is serious or just a distraction, and The Associated Press was unable to immediately reach the hackers for comment.
Ukrainian officials have not offered a global estimate of the amount of damage inflicted by the June 27 attack. But in an interview Tuesday with The Associated Press, Infrastructure Minister Volodymyr Omelyan said the damage at his department alone ran into millions of dollars.