Cyber Incident Victim: Ukrenergo

On June 27, 2017, a widespread cyber attack disrupted Ukrainian government and corporate systems, including state power distributor Ukrenergo, the National Bank of Ukraine, Boryspil International Airport, state aircraft manufacturer Antonov, and state-owned lender Oschadbank. The attack began with government computers displaying error messages claiming disks contained errors and instructing users not to power down devices. Deputy Prime Minister Rozenko Pavlo confirmed the government network was down, with his computer and others showing identical ransom messages. Affected systems across multiple organizations displayed ransomware demands for $300 in Bitcoin to restore access to encrypted files. Analysts identified the malware as Petrwrap or Petya, noting similarities to the WannaCry ransomware that caused global disruptions the previous month.

The attack disabled critical infrastructure, including airport departure boards, ATMs, and supermarket payment systems. Ukrenergo confirmed its systems were compromised but stated power supplies remained unaffected. Oschadbank reported service disruptions but assured customer data security. The incident extended beyond Ukraine, affecting multinational companies like Maersk and Rosneft, though direct links to the Ukrainian attack were unconfirmed. The cyber strike occurred one day before Ukraine's Constitution Day and hours after the assassination of Ukrainian intelligence officer Colonel Maksim Shapoval in Kyiv. Ukrainian authorities historically attributed similar infrastructure attacks, including a 2015 power grid disruption, to Russian actors, though Russia consistently denied involvement. The attack exacerbated existing tensions stemming from Russia's 2014 annexation of Crimea and support for separatist forces in eastern Ukraine. No group claimed responsibility, and restoration timelines for affected systems were not disclosed in available reporting.