Leonid Bershidsky, Columnist

The Russian Trail in the Latest 'Ransomware' Attack

The developers of the exPetr virus didn't want ransom: Their goal was to attack Ukrainian interests.

June 29, 2017 at 11:36 AM UTC

Leonid Bershidsky, formerly Bloomberg Opinion’s Europe columnist, is a member of the Bloomberg News Automation Team. He recently published Russian translations of George Orwell’s “1984” and Franz Kafka’s “The Trial.”

Out of service.
Photographer: Vincent Mundy/Bloomberg

Provide news feedback or report an error

Site feedback:

Take our Survey

This article is for subscribers only.

It's almost a reflex to blame Russians for cyberattacks these days, even on the sketchiest of evidence. But such accusations certainly seem justified regarding the novel ransomware attack that has swept the world in recent days -- known as notPetya, exPetr, Petrwrap and several other names referring to its similarity to the well-known Petya ransomware.

On April 28, Ukrainian President Petro Poroshenko introduced sanctions against a number of Russian companies, including the hugely popular social network Vkontakte and the near-indispensable accounting software developer 1C. The latter was a huge blow to Ukrainian accountants, especially those working for small and medium-sized businesses. 1C, built from scratch by Russian Boris Nuraliev, who is now a billionaire, is established throughout the former Soviet Union because it has made a point of understanding and integrating the vagaries of each country's accounting rules while keeping its software basic, reliable and easy to use for someone without any information technology competence. It also worked as a cheap alternative to sophisticated enterprise resource planning software like that from German vendor SAP.