Series of powerful cyberattacks using the Petya malware
2017 Ukraine ransomware attacks
Petya's ransom note displayed on a compromised system
Date
27–28 June 2017 (2017-06-27 – 2017-06-28)
Location
Ukraine[1]
Other locations
Russia
Germany[2]
United States[1]
United Kingdom[1]
Spain
India
Poland[1]
Italy
Israel[1]
Belarus[1]
Argentina[3]
Netherlands[3]
Australia[4]
Type
Cyberattack
Cause
Malware, ransomware, cyberterrorism
Outcome
Affected several Ukrainian ministries, banks, metro systems and state-owned enterprises
Suspects
Russia (according to statements of Ukrainian authorities, American Michael N. Schmitt and the CIA.)[5][6][7][8][9]
v
t
e
Russo-Ukrainian War (outline)
Background
Novorossiya
Dissolution of the Soviet Union
Russia–Ukraine relations
Budapest Memorandum
2003 Tuzla Island conflict
Orange Revolution
2007 Munich speech of Vladimir Putin
Russia–Ukraine gas disputes
Euromaidan
Revolution of Dignity
Crimea
Annexation
Timeline
Little green men
Krymnash
Crimean Parliament
Belbek Airport
Southern Naval Base
2014 Simferopol
2014 Russian protests
Major topics
2018 Moscow–Constantinople schism
Information war
cyberwarfare
ransomware
cyberattacks
Belarusian involvement
International sanctions
Media portrayal
Foreign aid (military
humanitarian)
War in Donbas
Timeline
Capture of Donetsk
Sloviansk
Kramatorsk
Artemivsk
Mariupol
Sievierodonetsk
Il-76 shootdown
Zelenopillia rocket attack
Karlivka
1st Donetsk Airport
Luhansk Border Base
Krasnyi Lyman
Sector D clashes
Great Raid of 2014
Shakhtarsk Raion
Horlivka
Yasynuvata
Ilovaisk
Novoazovsk
2nd Mariupol
2nd Donetsk Airport
Debaltseve
International recognition
Post-Minsk II conflict
2015
Shyrokyne (2015)
Marinka (2015)
2016
Svitlodarsk (2016)
2017
Avdiivka (2017)
2018
Kerch Strait incident (2018)
2019
2020
2021
2022
Attacks on civilians
Sloviansk
Malaysia Airlines Flight 17
Novosvitlivka
Volnovakha
Donetsk
Mariupol
Kramatorsk
Stanytsia Luhanska
Russian invasion of Ukraine (2022–present) (Timeline)
Prelude to invasion (Reactions)
Assassination attempts on Volodymyr Zelenskyy
Northern Ukraine campaign
Hostomel
Kyiv
Chernihiv
Eastern Ukraine campaign
Avdiivka
Mariupol
Kharkiv
Izium
Battle of Donbas
Sievierodonetsk
Lysychansk
Bakhmut
Kharkiv counteroffensive
Vuhledar
Southern Ukraine campaign
1st Kherson
Melitopol
Mykolaiv
Voznesensk
Kherson counteroffensive
2nd Kherson
2023 Ukrainian counteroffensive
Effects and aftermath
Economic impact
Peace negotiations
Protests in occupied Ukraine
War crimes
Government and intergovernmental reactions
Non-government reactions
Protests
Russian protests
ICJ case
Arrest warrants
Related
Zagreb Tu-141 crash
Russian mystery fires
Nord Stream pipeline sabotage
Soloti training ground shooting
Brovary helicopter crash
Black Sea drone incident
Belgorod accidental bombing
Bryansk Oblast military aircraft crashes
Wagner Group rebellion
Wagner Group plane crash
For the May 2017 worldwide EternalBlue WannaCry cyberattack, see WannaCry ransomware attack.
A series of powerful cyberattacks using the Petya malware began on 27 June 2017 that swamped websites of Ukrainian organizations, including banks, ministries, newspapers and electricity firms.[10] Similar infections were reported in France, Germany, Italy, Poland, Russia, United Kingdom, the United States and Australia.[3][11][12] ESET estimated on 28 June 2017 that 80% of all infections were in Ukraine, with Germany second hardest hit with about 9%.[2] On 28 June 2017, the Ukrainian government stated that the attack was halted.[13] On 30 June 2017, the Associated Press reported experts agreed that Petya was masquerading as ransomware, while it was actually designed to cause maximum damage, with Ukraine being the main target.[14]
^ abcdefRothwell, James; Titcomb, James; McGoogan, Cara (27 June 2017). "Petya cyber attack: Ransomware spreads across Europe with firms in Ukraine, Britain and Spain shut down". The Daily Telegraph. Archived from the original on 16 February 2018. Retrieved 5 April 2018.
^ ab"Tax software blamed for cyber-attack spread". BBC News. 28 June 2017. Archived from the original on 28 June 2017. Retrieved 28 June 2017.
^ abcTurner, Giles; Verbyany, Volodymyr; Kravchenko, Stepan (27 June 2017). "New Cyberattack Goes Global, Hits WPP, Rosneft, Maersk". Bloomberg. Archived from the original on 5 November 2019. Retrieved 27 June 2017.
^"Businesses warned again to update patches as Petya ransomware hits Australian offices". Financial Review. 28 June 2017. Archived from the original on 30 June 2017. Retrieved 3 July 2017.
^"Oleksandr Turchynov: One of the mechanisms for spreading a dangerous computer virus was a system for updating the accounting software – National Security and Defense Council of Ukraine". RNBO. Archived from the original on 19 October 2017. Retrieved 30 June 2017.
^"SBU establishes involvement of the RF special services into Petya.A virus-extorter attack". Security Service of Ukraine. Archived from the original on 19 October 2017. Retrieved 4 July 2017.
^Cite error: The named reference SBU 1 July 2017 was invoked but never defined (see the help page).
^Borys, Christian (26 July 2017). "Ukraine braces for further cyber-attacks". BBC News. Archived from the original on 26 July 2017. Retrieved 26 July 2017.
^Russian military was behind ‘NotPetya’ cyberattack in Ukraine, CIA concludes Archived 13 January 2018 at the Wayback Machine Washington Post, 2018
^Prentice, Alessandra (27 June 2017). "Ukrainian banks, electricity firm hit by fresh cyber attack". Reuters. Archived from the original on 16 July 2019. Retrieved 27 June 2017.
^Scott, Nicole Perlroth, Mark; Frenkel, Sheera (27 June 2017). "Cyberattack Hits Ukraine Then Spreads Internationally". The New York Times. ISSN 0362-4331. Archived from the original on 13 April 2018. Retrieved 4 July 2017.{{cite news}}: CS1 maint: multiple names: authors list (link)
^"Global ransomware attack causes chaos". BBC News. 27 June 2017. Archived from the original on 27 June 2017. Retrieved 27 June 2017. Burgess, Matt. "There's another 'worldwide' ransomware attack and it's spreading quickly". Wired UK. Archived from the original on 31 December 2017. Retrieved 27 June 2017.
^Cite error: The named reference Ukrif28617 was invoked but never defined (see the help page).
^"Companies still hobbled from fearsome cyberattack". Associated Press. 30 June 2017. Archived from the original on 19 October 2017. Retrieved 3 July 2017.
and 24 Related for: 2017 Ukraine ransomware attacks information
similar attack via MeDoc software was carried out on 18 May 2017 with the ransomware XData. Hundreds of accounting departments were affected in Ukraine. The...
The WannaCry ransomwareattack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft...
documented ransomware known as the AIDS trojan, the use of ransomware scams has grown internationally. There were 181.5 million ransomwareattacks in the...
WannaCry ransomwareattack on 12 May 2017 affected hundreds of thousands of computers in more than 150 countries. 2017 Petya cyberattack These attacks relate...
which caused another power outage 2017 Ukraine ransomwareattacks 2022 Ukraine cyberattacks Ukraine power grid hack (disambiguation) This disambiguation...
14, 2017.[citation needed] On May 12, 2017, a computer worm in the form of ransomware, nicknamed WannaCry, used the EternalBlue exploit to attack computers...
ransomwareattack". Ars Technica. Retrieved 2021-12-17. arguably the most severe vulnerability ever Barrett, Brian. "The Next Wave of Log4J Attacks Will...
The Latest Ransomware Is Deadlier Than WannaCry". Forbes. Retrieved 2 May 2023. "Ukrainian software company will face charges over cyber attack, police suggest"...
be technically similar to previous attacks using the WannaCry ransomware and the attacks on Sony Pictures. One of the tactics used by Lazarus hackers was...
"Amar Pelos Dois". May 12 – WannaCry ransomwareattack: Computers around the world are hit by a large-scale ransomware cyberattack, which goes on to affect...
restaurant, and hotel industries with BadUSB attacks designed to deliver REvil or BlackMatter ransomware. Packages have been sent to employees in IT,...
Russian invasion of Ukraine and the Russian invasion of Ukraine, multiple cyberattacks against Ukraine were recorded, as well as some attacks on Russia. The...
In January 2019, CrowdStrike published research reporting that Ryuk ransomware had accumulated more than $3.7 million in cryptocurrency payments since...
tracked is Sandworm. After the 2015 attack on the Ukrainian power grid and the global NotPetya ransomwareattack in 2017 – both attributed to Sandworm – ESET...
Petya (NotPetya) cyber attacks, masquerading as ransomware, caused large-scale disruptions in Ukraine as well as to the U.K.'s National Health Service...
2017, two billion data records were stolen or impacted by cyber attacks, and ransomware payments reached US$2 billion, double that in 2016. In 2020, with...
be a ransomwareattack targeting multinational corporations. But Talos was amongst the first threat research groups to discover that the attack was deliberately...
Ryuk ransomwareattack". BleepingComputer. Staff and agencies (29 October 2020). "US hospital systems facing 'imminent' threat of cyber attacks, FBI warns"...
(Ransomware Evil; also known as Sodinokibi) was a Russia-based or Russian-speaking private ransomware-as-a-service (RaaS) operation. After an attack,...
Retrieved 23 November 2019. Fruhlinger, Josh (1 August 2017). "The 5 biggest ransomwareattacks of the last 5 years". CSO. Archived from the original on...
likely to be affected by malware, ransomware, phishing, man-in-the-middle attacks, and Denial-of Service (DoS) Attacks. Normal internet users are most likely...
wide scale computer virus incidents, DOS and DDOS attacks that cripple services, and organized attacks that cripple major online communities), and other...
certain extortion-related processes. It is common to observe data from ransomwareattacks on several dark web sites, for example data sales sites or public...