The Ukrainian security agency, known as the SBU, alleged in a statement that similarities between the malicious software and previous attacks on Ukrainian infrastructure revealed the work of Russian intelligence services.
The SBU added the attackers appeared uninterested in making a profit from the ransomware program and were more focused on sowing chaos in Ukraine.
There was no immediate official response from the Russian government, but Russian lawmaker Igor Morozov told the RIA Novosti news agency that the Ukrainian charges were “fiction” and that the attacks were likely the work of the United States.
Ukraine was the country most affected by the attack by a strain of malware known by names including NotPetya. Beginning Tuesday, computers across Ukraine at government agencies, energy companies and banks were temporarily disabled as their data was encrypted amid demands for ransom payments.
Two cybersecurity outfits have publicly tied the NotPetya malware to hacking groups that many experts believe are linked to Russian intelligence operations.
Russian anti-virus company Kaspersky Lab has identified similarities between NotPetya and BlackEnergy, a sophisticated malware assumed to have been used in a series of cyberattacks on Ukrainian infrastructure in recent years.
“There are several parts of the code and strings that are shared,” said Vyacheslav Zakorzhevsky, the head of Kaspersky’s anti-virus research department, told The Associated Press on Saturday. “These families are connected.”
ESET, a Slovakian cybersecurity firm, said the cyberattacks did not come out of nowhere.
“This was not an isolated incident. This is the latest in a series of similar attacks in Ukraine,” ESET said in a Friday report .
ESET suggested the reason that countries other than Ukraine were affected was because the hackers had underestimated the power of the malware they had created and it spun out of control.
Major companies that reported being hit by NotPetya included Danish shipping giant A.P. Moller-Maersk, Russian state-owned oil behemoth Rosneft and FedEx subsidiary TNT. Most of the organizations hurt by the attack had resumed normal operation within 48 hours.
Ukraine has repeatedly accused Russia of sponsoring cyberattacks, including the hack of Ukraine’s voting system ahead of 2014 national election and an assault that knocked its power grid offline in 2015.
Relations between Russia and Ukraine collapsed when Moscow annexed Ukraine’s Crimean Peninsula in 2014 and began backing separatists fighting forces loyal to Kiev in eastern Ukraine. That fighting has left over 10,000 people dead since April 2014.