Novus

Novus, operating under that alias, is headquartered in Ukraine. The organisation develops and supplies accounting software that is widely used across Ukrainian businesses, financial institutions, and government agencies. Its software solutions are designed to support core financial processes such as bookkeeping, tax reporting, and payroll management. Novus serves primarily the domestic market, though its products are also utilized by multinational entities with operations in Ukraine. The company’s software is noted for its integration with local regulatory frameworks and its prevalence in critical sectors.

On June 27, 2017, Novus became the focal point of a significant cyberattack when threat actors compromised the update mechanism of its accounting software. The malicious update masqueraded as ransomware but functioned as a wiper, leveraging the EternalBlue exploit and Mimikatz credential‑stealing tool to spread laterally within networks. The infection rapidly affected Ukrainian critical infrastructure, including energy providers, transportation systems, and banking services, before spilling over to multinational corporations worldwide. Despite ransom demands, the malware rendered affected systems inoperable, causing irreversible data loss and operational downtime. Attribution efforts by multiple governments and cybersecurity firms linked the operation to Russian military units, characterizing it as a state‑sponsored act aimed at destabilization rather than financial gain. The incident resulted in estimated damages exceeding ten billion dollars, marking it as one of the costliest cyber events in history. Consequently, Novus’s experience has been frequently cited in discussions of supply‑chain security and the risks associated with software update mechanisms.