
Russia behind GoldenEye ransomware attack, says Ukraine

The GoldenEye strain of the Petya ransomware was designed to wipe out data, and hit companies throughout Europe and even one in Australia.

Zoey Chong Reporter

Ukraine says it has discovered who the perpetrators of last week's destructive GoldenEye ransomware attack are.

The country's SBU security service says it has found evidence suggesting Russian security services were involved, according to a statement released Saturday.

In its statement, SBU said it obtained data with international antivirus companies that led it to conclude that "the same hackers are involved in the attacks, which [shut down Ukraine's power grids] using Telebots and BlackEnergy in December 2016."

"This proves the involvement of the Russian special services in this attack," it concluded.

But Russian firms such as oil production company Rosneft were also victims of the attack, leading some cybersecurity experts to suggest Moscow isn't responsible, the BBC reported.

Last week's attack, a new strain of the Petya ransomware dubbed GoldenEye, comes almost two months after WannaCry crippled more than 200,000 computers across 150 countries. Cybersecurity company BitDefender and Microsoft found that the new bug first struck Ukraine via local tax accounting software MEDoc. Hackers had hidden GoldenEye in the programme's software update, causing a widespread infection.

SBU added that GoldenEye was a premeditated attack designed to "destroy important data" and "disrupt the operations of public and private institutions in Ukraine" to cause political disarray.

"The virus is masked as an ordinary ransomware but is, in fact, a large-scale attack targeting Ukraine," read the statement. "This is proven by the lack of a real mechanism [to secure] ransom payments, which confirms that the attackers were not after money."

Some experts had expressed similar beliefs on Saturday, saying that the GoldenEye bug was designed to wipe data from infected computers. Companies such as Danish shipping firm Maersk, FedEx's TNT Express service and Australia's Cadbury chocolate factory have fallen victim to the attack.
