Ukraine accused the Russian security services Saturday of planning and launching a cyberattack that locked up computers around the world earlier this week.
The Ukrainian security agency, known as the SBU, alleged in a statement that similarities between the malicious software and previous attacks on Ukrainian infrastructure revealed the work of Russian intelligence services.
The SBU added that the attackers appeared uninterested in making a profit from the ransomware program and were more focused on sowing chaos in Ukraine.
There was no immediate official response from Russia’s government, but Russian lawmaker Igor Morozov told the RIA Novosti news agency that the Ukrainian charges were “fiction” and that the attacks were likely the work of the United States.
Ukraine was the country most affected by the attack using a strain of malware known by names including NotPetya. Beginning Tuesday, computers across Ukraine at government agencies, energy companies and banks were disabled as their data was encrypted amid demands for ransom payments.
Two cybersecurity outfits have publicly tied the NotPetya malware to hacking groups that many other experts in turn believe are linked to Russian intelligence operations.
Russian anti-virus company Kaspersky Lab has identified similarities between NotPetya and BlackEnergy, a sophisticated malware assumed to have been used in a series of cyberattacks on Ukrainian infrastructure in recent years.
“There are several parts of the code and strings that are shared,” Vyacheslav Zakorzhevsky, the head of Kaspersky’s anti-virus research department, told The Associated Press on Saturday. “These families are connected.”
ESET, a Slovakian cybersecurity firm, said the cyberattacks did not come out of nowhere.
“This was not an isolated incident. This is the latest in a series of similar attacks in Ukraine,” ESET said in a Friday report, suggesting the reason other countries were hit was because the hackers had underestimated the power of their malware and it had spun out of control.
Attributing cyberattacks is a particularly difficult process, but Ukraine has repeatedly accused Russia of sponsoring electronic intrusions, including the hack of Ukraine’s voting system ahead of a 2014 national election and assaults that knocked parts of its power grid offline in 2015 and 2016. Relations between the two countries collapsed when Russia annexed Ukraine’s Crimean Peninsula in 2014 and began backing separatists fighting Ukrainian forces in the country’s east.
Major companies beyond Ukraine that reported being hit by NotPetya included Danish shipping giant A.P. Moller-Maersk, Russian state-owned oil behemoth Rosneft and FedEx subsidiary TNT.
Several of those affected are still struggling to get back online. A.P. Moller-Maersk’s chief operating officer, Vincent Clerc, has told The Wall Street Journal that he expects his firm to return “to some kind of normalcy” by Monday.
On the streets of Kiev, Ukraine’s capital, there were signs that Ukraine had yet to fully recover from the attack as well.
Alexander Havrilenko, 43, said his wife hadn’t been paid as expected because her office at Ukraine’s state-owned Oschadbank was still closed.
“She was told to come in Wednesday — maybe,” he said.
As for who was responsible, Havrilenko didn’t hesitate to echo the Ukrainian government’s line.
“It’s Russia,” he said.
AP Cybersecurity Writer Raphael Satter in Kiev, Ukraine, contributed to this report.