It all began when attackers compromised the M.E. Doc update server and sent NotPetya to unsuspecting victims. XDATA ransomware was also distributed via M.E. Doc in June 2017 and possibly as early as April. Malwarebytes estimated, conservatively, that at least tens of thousands of systems were infected (a significant percentage of which reside in Ukraine). In the wiper attack, it is impossible for the attackers to decrypt victims' disks, even if the victims pay the ransom fee. Symantec published a chart.

The Ukrainian power grid and other key assets have been frequent targets of Russian state-sponsored hackers. A number of Ukrainian officials laid blame at Russia’s feet.

  • Apparently M.E. Doc had ignored repeated warnings that its systems were susceptible to cyberattack. M.E. Doc software is widely used by tax firms. The Ukrainian police seized the company's servers.