Copyright © 2024

The work of Euromaidan Press is supported by the International Renaissance Foundation

When referencing our materials, please include an active hyperlink to the Euromaidan Press material and a maximum 500-character extract of the story. To reprint anything longer, written permission must be acquired from [email protected].

Privacy and Cookie Policies.

Money is not always the answer. What do we know about latest cyber attack on Ukraine

The “Petya-Not Petya” ransomware attack’s main target was Ukraine, according to ESET security company. Photo: ESET
Money is not always the answer. What do we know about latest cyber attack on Ukraine
Article by: Givi Gigitashvili

On June 27, a wave of “unprecedented” cyber attacks hit Ukraine, targeting state institutions, banks, underground network, major firms, and airports, and causing disruptions on a massive scale. From the outset, the NotPetya virus seemed to be a typical ransomware attack, encrypting important files in infected computers and requiring victims to pay in exchange for decrypting their blocked files. However, it soon appeared that the attackers merely wanted to disguise their virus as a ransomware in order to mislead the public and media and hide their real intentions. What was the real rationale behind the attack?

Although a full investigation will take months (and whether any definite results will be reached remains doubtful), two things are already certain:

First, the attack was primarily aimed at Ukraine. Despite the virus spreading to 65 countries, 75.2% of all infected computers in the world could be found in Ukraine (Cisco’s Talos cyber security division asserted that the other 24.8% were merely “collateral damage,” as, like a real virus, hackers are unable to completely control the virus once launched). Government officials estimated that one in every ten computers at private companies and state offices in Ukraine was hit by the virus, which was seeded through a Ukrainian accounting software M.E.Doc, used by 80% of state institutions and businesses in the country.

Ukrainian sources have estimated that this attack would have far-reaching economic effects, costing Ukraine 0.5% of GDP for this year.

The second peculiar aspect of the attack is that it appears it was not motivated by financial gain. Experts agree that NotPetya is a destructive “wiper” malware designed to destroy data and disrupt the workflow of state and business institutions rather than a ransomware created for financial gains. One of the clues that led them to this conclusion was the payment mechanism the virus routed users to, which, for such a well-engineered malware, looked far too amateurish. For instance, the ransom note generated by the virus contained the same payment address for every victim, whereas typically a customized address is created for every victim separately. Moreover, victims were required to contact the attackers to send confirmation of payment to a single “customer service” email, which was immediately shut down by the German provider Posteo once they learned about the attack. Consequently, it was technically impossible for the victims who made the required payment to contact attackers in order to receive the decryption key to unlock blocked files.

NATO member countries also agreed that cyber attacks against any member of the alliance would trigger the mutual defense clause 
Furthermore, as the Tallinn-based NATO Cooperative Cyber Defense Centre of Excellence suggested last week, the attack itself was so expensive and complex that it would impossible for individual hackers to launch it. Based on available data, including that obtained from international antivirus companies, the Ukrainian state security service argued last week that the attack was organized by the same hackers who were involved in the cyber attack against Ukrainian power grid in December 2016.

Amidst the attack, NATO Secretary General Jens Stoltenberg claimed that, since the Warsaw NATO summit last year, cyber space has become a “military domain;” NATO member countries also agreed that cyber attacks against any member of the alliance would trigger the mutual defense clause in the same way as a conventional military assault.

This constitutes a major change in NATO policy as past cyber attacks – partially due to their novelty – were not treated as seriously. Indeed, when Russia unleashed a series of large-scale cyber attacks against NATO member Estonia back in 2007, the alliance did not enact its mutual defense clause. It appears that the threshold for such an enactment would need to be high, and merely affecting companies operating in many NATO member countries is not a reason enough to enact Article 5 of the Washington Treaty. In reality, the consequences of cyber attack would have to be equivalent of an armed attack.

Despite the growing support for the theory that the attack was orchestrated by state actors (and suspicions on who the state in question might be), NATO-led countermeasures for this particular attack may never happen. Failure to act may send a clear message to the attackers – you are free to violate a country’s sovereignty as long as you do it online. Such an eventuality could create grave disruptions for the global economy, and the NotPetya virus should serve as a wake-up call for the need for increased cyber security.

If such an investment is not made, the next cyber attack could have as its main targets other European countries or even NATO members.


Givi Gigitashvili is a freelance political analyst. He holds a Master’s degree in EU-Russia studies from the University of Tartu, Estonia and has recently finished a research internship at the Center for Economic and Social Research (CASE) in Warsaw.

Read more:


You could close this page. Or you could join our community and help us produce more materials like this.  We keep our reporting open and accessible to everyone because we believe in the power of free information. This is why our small, cost-effective team depends on the support of readers like you to bring deliver timely news, quality analysis, and on-the-ground reports about Russia's war against Ukraine and Ukraine's struggle to build a democratic society. A little bit goes a long way: for as little as the cost of one cup of coffee a month, you can help build bridges between Ukraine and the rest of the world, plus become a co-creator and vote for topics we should cover next. Become a patron or see other ways to support. Become a Patron!

To suggest a correction or clarification, write to us here

You can also highlight the text and press Ctrl + Enter

Please leave your suggestions or corrections here

    Will the West continue to support Ukraine?
    • Know what moves the world.
    • Premium journalism from across Europe.
    • Tailored to your needs, translated into English.
    Special discount
    for Euromaidan Press readers
    Euromaidan Press

    We are an independent media outlet that relies solely on advertising revenue to sustain itself. We do not endorse or promote any products or services for financial gain. Therefore, we kindly ask for your support by disabling your ad blocker. Your assistance helps us continue providing quality content. Thank you!

    Related Posts