Cyber Incident Victim: VTB Bank
Date: May 2017
Location: Russia
Summary
The WannaCry ransomware attack compromised systems at several Russian financial institutions, with the central bank confirming isolated incidents among credit organizations that were promptly addressed. VTB Bank was identified as a target by security researchers, though the extent of any system damage remained unclear; the institution maintained that its operations were unaffected and asserted its systems lacked the vulnerabilities exploited by the malware. The global attack particularly impacted Russian entities, highlighting security flaws in critical infrastructure, while the central bank pledged enhanced transparency regarding future cyber threats and countermeasures.
Description
The WannaCry ransomware attack impacted Russian banking institutions in May 2017, with the Central Bank of Russia confirming on May 12 that isolated compromises had occurred despite earlier assertions of unsuccessful targeting. This marked the first official acknowledgment of operational disruptions within Russia's financial sector from the global cyber extortion campaign. The central bank stated that consequences were swiftly addressed but did not specify technical details regarding breached systems or data. Prior to this admission, the institution had maintained that Russian banks repelled the attacks when initially targeted in late April or early May. Following the incident, the central bank reissued cybersecurity recommendations to financial institutions and announced plans to publicly document future cyber incidents and security reinforcement measures.

Security researchers identified VTB Bank as an attack target, though the extent of system compromise remained unverified. VTB declined to confirm whether its infrastructure was breached but asserted normal operations across its retail banking division (VTB24) and corporate systems, claiming its systems lacked the vulnerabilities exploited by WannaCry. Sberbank, Russia’s largest bank, reported repelling a virus attack without infection. Kaspersky Lab researchers noted "a couple" of unnamed Russian banks encountered WannaCry, typically affecting employee workstations or non-critical systems rather than core banking infrastructure. The incident highlighted vulnerabilities in outdated operating systems within embedded devices across Russian institutions. Globally, while ATM ransom screens were reported in Asia, Reuters found no verified bank compromises outside Russia. The central bank’s revised transparency measures reflected heightened institutional awareness of cyber threats following an attack that exposed systemic security gaps in critical sectors.
