Ukraine says police raid foils second cyberattack
KIEV, UKRAINE — Ukraine has dodged a second cyberattack, officials said Wednesday, suggesting that the digital campaign which paralyzed computers across the country and around the world continues.
Ukraine is still trying to find its feet after scores or even hundreds of businesses and government agencies were hit by an explosion of data-scrambling software on June 27. In a Facebook post , Interior Minister Arsen Avakov said there was a second stage to that attack, timed to hit its peak at 4 p.m. Tuesday in Ukraine.
Avakov said the second strike — like the first one — originated from servers at the Ukrainian tax software company M.E. Doc, which sheds a little more light on Tuesday’s heavily armed raid on M.E. Doc’s office and the seizure of its servers. Video released Wednesday showed men in camouflage carrying assault-style weapons storming the company’s modest offices in Kiev as office workers calmly watched them. Police spokeswoman Yulia Kvitko said there were no arrests.
“We prevented the initiation of the second wave of viruses,” Yaroslav Trakalo, another police spokesman, said in the video. He said investigators have found “evidence of Russian presence on these servers,” although he did not elaborate.
Ukraine has blamed the Kremlin for the attack. Kremlin officials routinely deny claims of electronic interference in Ukraine and elsewhere.
The raid on M.E. Doc caps a week of increasingly implausible claims from the company that it was not at the heart of the outbreak. On Wednesday the firm reversed itself, acknowledging that hackers had broken into its computer network and used it to seed the malware epidemic.
It’s not clear what the thrust or scope of the second cyberattack in Ukraine was, but M.E. Doc is widely used across Ukraine, making it a tempting springboard for hackers. An executive at the company was quoted by Interfax-Ukraine as saying the software was installed on 1 million machines across the country.
How many of those machines have been infected is an open question.
The June 27 attack initially seemed to be a particularly aggressive form of ransomware, but many analysts who picked it apart later said it appeared to be a thinly disguised attempt to destroy data and sow chaos. Some said the malware epidemic was likely state-backed, and Ukrainian officials have blamed the Kremlin.
In the meantime, an online wallet carrying roughly $10,000 worth of digital currency extorted by the cyber attackers was emptied around the time of Tuesday’s raid, according to Bitcoin’s public ledger. Information security experts say some of the money appears to have been used to purchase space on a darknet text storage site, where a statement was posted demanding 100,000 bitcoin, or roughly $2.6 million, in exchange for unscrambling all the affected files.
Ukrainian officials have not offered a global estimate of the amount of damage inflicted by the June 27 attack. But in an interview Tuesday, Infrastructure Minister Volodymyr Omelyan said the damage at his department alone ran into millions of dollars.