“The attack’s peak was planned to take place at 4 p.m. [13:00 GMT]. The attack started at 13:40. The cyberpolice blocked the mailing and activation of the virus from the servers of the information system M.E. Doc. The attack was stopped,” Avakov wrote on Facebook.
The minister noted that the authorities seized the servers, which allegedly contain traces of the cybercriminals’ connections with sources from Russia, but did not provide any proof to his accusations.
Last week, Ukraine’s cyberpolice said that the hackers used the M.E.doc electronic accounting software to spread ransomware, among other methods. The Ukrainian company refuted the allegations and said that it itself fell victim to the attacks. M.E. Doc. noted that it invited the Ukrainian cyberpolice to its office and voluntarily handed reserve copies and logs from the corporate servers from which the authorities’ claimed the attack originated.
The encryptor virus was initially believed to be Petya ransomware, but was later recognized as a new type of ransomware that Russia's Kaspersky Lab dubbed ExPetr. However Matt Suiche, the founder of Comae Technologies cybersecurity firm, told Sputnik that ExPetr was not ransomware, but rather a wiper designated to damage infected computer systems.
Kiev has repeatedly accused Russia of perpetrating cyberattacks against the country's governmental agencies, and Moscow has, in turn, denied the allegations. In June, Russian President Vladimir Putin said that hackers could be anywhere in the world, and that Russia on a state level has not engaged in such activities.