Cyber Incident Victim: Nova Poshta

Date: Jun 2017

Location: Ukraine

Summary

A large-scale cyber attack employing 'Petya' ransomware targeted Ukrainian government and corporate networks, disrupting operations at multiple major entities including Nova Poshta, critical infrastructure providers, financial institutions, and transportation hubs. The attack paralyzed websites and systems, prompting cybersecurity specialists to intervene and halt the incident while working to restore lost data. Strategic enterprises vital to state security maintained normal operations throughout the event, with authorities confirming the situation remained under full control during recovery efforts.

Description

On June 27, 2017, a large-scale cyber attack targeted Ukrainian government bodies and corporate networks, causing widespread disruption. The attack paralyzed critical infrastructure and services, including the websites of Nova Poshta, multiple financial institutions such as Oschadbank, PrivatBank, and Sberbank, energy provider Kyivenergo, telecommunications company Ukrtelecom, and Boryspil International Airport. Ukrainian cybersecurity specialists intervened swiftly, halting the attack within the same day and establishing full operational control over the situation. Government authorities confirmed that strategic enterprises, particularly those responsible for state security functions, remained operational despite the incident. Recovery efforts focused on restoring data lost during the attack, though the article did not specify the exact data restoration methods or timelines. The Cabinet of Ministers publicly acknowledged the incident, emphasizing their oversight of response measures while withholding technical details about the attack vector or initial infiltration methods.

The incident was attributed to the 'Petya' ransomware variant, which encrypted systems and rendered websites inaccessible across affected organizations. The attack’s impact spanned multiple sectors: banking services faced interruptions, logistics operations at Nova Poshta were disrupted, airport systems at Boryspil were compromised, and energy/telecom providers experienced operational paralysis. No ransom demands or threat actor attributions were mentioned in the reporting. Response actions remained centralized under Ukrainian cybersecurity teams, with no reference to international assistance or private-sector collaboration. Despite the scale of the disruption, authorities confirmed no breaches occurred at facilities directly involved in national security operations. The coordinated containment effort prevented further propagation of the ransomware, though full restoration of affected systems and data required ongoing remediation work following the initial halt of the attack.
