On June 27, a large-scale cyber attack was recorded in Ukraine using a new modification of the Petya ransomware, which also partially affected companies in Russia, the United States, India, and Australia. A preliminary investigation indicated that the state-backed BlackEnergy group, which had previously attacked energy and financial organizations in Ukraine, was behind the attack.
Initial penetration occurs through updates of MeDoc, accounting software that is very popular in Ukraine. The Trojan then resets the administrator's password on the computer it first entered and tries to connect to every other computer on the network, using the legitimate PsExec tool, WMI, and exploits from the NSA toolset. For decryption, the attackers demand 300 USD in bitcoin.
One week later, the attackers demanded 100 bitcoins (about 250,000 USD) for the secret key needed to decrypt all encrypted files.
According to preliminary estimates, about 80 companies have been attacked, the majority of them located in Ukraine. The list of victims includes large Ukrainian banks and enterprises, namely Oschadbank, Ukrgasbank, Pivdenny Bank, OTP Bank, TASKombank, the Epicenter retail chain, and the Kovalska industrial and construction group. Three major Ukrainian telecom operators (Kyivstar, lifecell, and Ukrtelecom) have also been affected.
The state enterprises Ukrtelecom, Ukrzaliznytsia, Ukrposhta, and Kievvodokanal, as well as the state-run aircraft manufacturer Antonov, reported that they had come under a large-scale attack. Boryspil international airport, the Kiev subway, the computer networks of the Cabinet of Ministers, and the website of the Ukrainian government have also been infected.
In Russia, the oil giants Rosneft and Bashneft have been hit by a massive attack.