A series of powerful cyberattacks using the Petya malware began on 27 June 2017 that swamped websites of Ukrainian organizations, including banks, ministries, newspapers and electricity firms.
[13] On 30 June 2017, the Associated Press reported experts agreed that Petya was masquerading as ransomware, while it was actually designed to cause maximum damage, with Ukraine being the main target.
[14] Security experts believe the attack originated from an update of a Ukrainian tax accounting package called MeDoc [uk], developed by Intellect Service.
[2] The company that produces MeDoc claimed they had no intentional involvement in the ransomware attack, as their computer offices were also affected, and they are cooperating with law enforcement to track down the origin.
[20] Security experts found that the version of Petya used in the Ukraine cyberattacks had been modified, and consequently was renamed NotPetya or Nyetna to distinguish it from the original malware.
[23] According to Nicholas Weaver of the University of California, the hackers had previously compromised MeDoc, "made it into a remote-control Trojan, and then they were willing to burn this asset to launch this attack."
[31] On 28 June 2017 the Ukrainian government stated that the attack was halted: "The situation is under complete control of the cyber security specialists, they are now working to restore the lost data."
[33] Ukrainian officials have stated that Intellect Service will "face criminal responsibility", as they were previously warned about lax security on their servers by anti-virus firms prior to these events but did not take steps to prevent it.
[34] Talos warned that due to the large size of the MeDoc update that contained the NotPetya malware (1.5 gigabytes), there may have been other backdoors that they have yet to find, and another attack could be possible.
[7][37] (A December 2016 cyber attack on a Ukrainian state energy computer caused a power cut in the northern part of the capital, Kyiv).
[7] Russia–Ukraine relations have been in a frozen state since Russia's 2014 annexation of Crimea, followed by a Russian government-backed separatist insurgency in eastern Ukraine in which more than 10,000 people had died by late June 2017.
[42] Wired technology writer Andy Greenberg, in reviewing the history of the cyberattacks, said that the attacks came from a Russian military hacker group called "Sandworm".
[19] Companies affected include Antonov, Kyivstar, Vodafone Ukraine, lifecell, TV channels STB, ICTV and ATR, Kyiv Metro, UkrGasVydobuvannya (UGV), gas stations WOG, DTEK, EpiCentre K, Kyiv International Airport (Zhuliany), Prominvestbank, Ukrsotsbank, KredoBank, Oshchadbank and others,[13] with over 1,500 legal entities and individuals having contacted the National Police of Ukraine to indicate that they had been victimized by the 27 June 2017 cyberattack.
Reckitt Benckiser lowered its sales estimates by 2% (about $130 million) for the second quarter primarily due to the attack that affected its global supply chain.
[19] Secretary of the National Security and Defence Council of Ukraine Oleksandr Turchynov claimed there were signs of Russian involvement in the 27 June cyberattack, although he did not give any direct evidence.
[56] The White House Press Secretary released a statement on 15 February 2018 attributing the attack to the Russian military, calling it "the most destructive and costly cyberattack in history."
[57] IT businessman Oleksandr Kardakov, chairman of the supervisory board of the Oktava Capital company, proposed creating a civil cyber defense in Ukraine.