Tag Archives: Ukraine

Ukraine software firm says computers compromised after cyber attack

FILE PHOTO - A projection of cyber code on a hooded man is pictured in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

KIEV (Reuters) – The Ukrainian software firm at the center of a cyber attack that spread around the world last week said on Wednesday that computers which use its accounting software are compromised by a so-called “backdoor” installed by hackers during the attack.

The backdoor has been installed in every computer that wasn’t offline during the cyber attack, said Olesya Bilousova, the chief executive of Intellect Service, which developed M.E.Doc, Ukraine’s most popular accounting software.

Last week’s cyber attack spread from Ukraine and knocked out thousands of computers, disrupting shipping and shut down a chocolate factory in Australia as it reached dozens of countries around the world.

Ukrainian politicians were quick to blame Russia for a state-sponsored hack, which Moscow denied, while Ukranian cyber police and some experts say the attack was likely a smokescreen for the hackers to install new malware.

The Ukrainian police have seized M.E.Doc’s servers and taken them offline. On Wednesday morning they advised every computer using M.E.Doc software to be switched off. M.E.Doc is installed in around 1 million computers in Ukraine, Bilousova said.

“… the fact is that this backdoor needs to be closed. There was a hacking of servers,” Bilousova told reporters.

“As of today, every computer which is on the same local network as our product is a threat. We need to pay the most attention to those computers which weren’t affected (by the attack). The virus is on them waiting for a signal. There are fingerprints on computers which didn’t even use our product.”

(Reporting by Jack Stubbs; writing by Matthias Williams; Editing by Toby Chopra)

Police seize servers of Ukrainian software firm after cyber attack

A view shows a laptop display (R) showing part of a code, which is the component of Petya malware computer virus according to representatives of Ukrainian cyber security firm ISSP, with an employee working nearby at the firm's office in Kiev, Ukraine July 4, 2017. REUTERS/Valentyn Ogirenko

By Jack Stubbs and Pavel Polityuk

KIEV (Reuters) – Ukrainian police on Tuesday seized the servers of an accounting software firm suspected of spreading a malware virus which crippled computer systems at major companies around the world last week, a senior police official said.

The head of Ukraine’s Cyber Police, Serhiy Demedyuk, told Reuters the servers of M.E.Doc – Ukraine’s most popular accounting software – had been seized as part of an investigation into the attack.

Though they are still trying to establish who was behind last week’s attack, Ukrainian intelligence officials and security firms have said some of the initial infections were spread via a malicious update issued by M.E.Doc, charges the company’s owners deny.

The owners were not immediately available for comment on Tuesday.

Premium Service, which says it is an official dealer of M.E.Doc’s software, wrote a post on M.E.Doc’s Facebook page saying masked men were searching M.E.Doc’s offices and that the software firm’s servers and services were down.

Premium Service could not be reached for further comment.

Cyber Police spokeswoman Yulia Kvitko said investigative actions were continuing at M.E.Doc’s offices, adding that further comment would be made on Wednesday.

The police move came after cyber security investigators unearthed further evidence on Tuesday that the attack had been planned months in advance by highly-skilled hackers, who they said had inserted a vulnerability into the M.E.Doc progamme.

Ukraine also took steps on Tuesday to extend its state tax deadline by one month to help businesses hit by the malware assault.

Researchers at Slovakian security software firm ESET said they had found a “backdoor” written into some of M.E.Doc’s software updates, likely with access to the company’s source code, which allowed hackers to enter companies’ systems undetected.

“VERY STEALTHY AND CUNNING”

“We identified a very stealthy and cunning backdoor that was injected by attackers into one of M.E.Doc’s legitimate modules,” ESET senior malware researcher Anton Cherepanov said in a technical note. “It seems very unlikely that attackers could do this without access to M.E.Doc’s source code.”

“This was a thoroughly well-planned and well-executed operation,” he said.

ESET said at least three M.E.Doc updates had been issued with the “backdoor vulnerability”, and the first one was sent to clients on April 14, more than two months before the attack.

ESET said the hackers likely had access to M.E.Doc’s source code since the beginning of the year, and the detailed preparation before the attack was testament to the advanced nature of their operation.

Oleg Derevianko, board chairman at Ukrainian cyber security firm ISSP, said an update issued by M.E.Doc in April delivered a virus to the company’s clients which instructed computers to download 350 megabytes of data from an unknown source on the internet.

The virus then exported 35 megabytes of company data to the hackers, he told Reuters in an interview at his office in Kiev.

“With this 35 megabytes you can exfiltrate anything – emails from all of the banks, user accounts, passwords, anything.”

Little known outside Ukrainian accounting circles, M.E.Doc is used by around 80 percent of companies in Ukraine. The software allows its 400,000 clients to send and collaborate on financial documents between internal departments, as well as file them with the Ukrainian state tax service.

Ukraine’s government said on Tuesday it would submit a draft law to parliament for the country’s tax deadline to be extended to July 15, and waive fines for companies who missed the previous June 13 cutoff because of the attack.

“We had program failures in connection to the cyber attack, which meant that businesses were unable to submit account reports on time,” Prime Minister Volodymyr Groysman told a cabinet meeting.

Separately, Ukraine’s security service, the SBU, said it had discussed cyber defense with NATO officials and had received equipment from the alliance to better combat future cyber attacks. Ukraine is not in NATO but is seeking closer ties.

On Saturday Ukrainian intelligence officials accused Russian security services of being behind the attack, and cyber security researchers linked it to a suspected Russian group who attacked the Ukrainian power grid in December 2016.

A Kremlin spokesman dismissed charges of Russian involvement as “unfounded blanket accusations”.

Derevianko said the hacker’s activity in April and reported access to M.E.Doc’s source code showed Ukraine’s computer networks had already been compromised and that the intruders were still operating inside them.

“It definitely tells us about the advanced capabilities of the adversaries,” he said. “I don’t think any additional evidence is needed to attribute this to a nation-state attack.”

(Additional reporting by Natalia Zinets; Writing by Jack Stubbs; Editing by Gareth Jones and Matthias Williams)

Family firm in Ukraine says it was not responsible for cyber attack

Sergei Linnik, general director of Ukrainian software development firm Intellect Service, and his daughter Olesya pose for a picture at the company’s offices in Kiev, Ukraine July 3, 2017. REUTERS/Pavel Polityuk

By Jack Stubbs and Pavel Polityuk

KIEV (Reuters) – Ukrainian company Intellect Service was not responsible for last week’s international cyber attack that brought down the computer systems of several major companies, the father and daughter team told Reuters on Monday.

Cyber security investigators are still trying to establish who was behind the attack.

But Ukrainian officials and security firms including Microsoft <MSFT.O>, Cisco’s <CSCO.O> Talos and Symantec <SYMC.O> say they have confirmed that some of the initial infections occurred when malware was transmitted to users of a Ukrainian tax software program called M.E.Doc.

They say the virus, dubbed NotPetya by some experts, was primarily spread via an update issued by M.E.Doc, the accounting software developed by Olesya Linnik and her father Sergei at his company, Intellect Service.

In their first interview with foreign media since the attack, the Linniks said there was no evidence M.E.Doc, which is Ukraine’s most-popular accounting software, was used to spread the virus and they did not understand the charges against them.

“What has been established in these days, when no one slept and only worked? We studied and analysed our product for signs of hacking – it is not infected with a virus and everything is fine, it is safe,” said Olesya, managing partner at Intellect Service.

“The update package, which was sent out long before the virus was spread, we checked it 100 times and everything is fine.”

Little known outside Ukrainian accounting circles, M.E.Doc is an everyday part of life at around 80 percent of companies in Ukraine. The software allows its 400,000 clients to send and discuss financial documents between internal departments, as well as file them with the Ukrainian state tax service.

POLICE INVESTIGATING

Investigators have said M.E.Doc’s expansive reach is what made it a prime target for the unknown hackers, who were looking for a way to infect as many victims as possible.

“These malware families were spread using Ukrainian accounting software called M.E.Doc,” researchers at Slovakian security software firm ESET said in a blog post on Friday.

“M.E.Doc has an internal messaging and document exchange system so attackers could send spearphishing messages to victims.”

Ukrainian police said on Monday the Linniks could now face criminal charges if it is confirmed they knew about the infection but took no action.

“We have issues with the company’s leadership, because they knew there was a virus in their software but didn’t do anything … if this is confirmed, we will bring charges,” Serhiy Demedyuk, the head of Ukraine’s cyber police, told Reuters in a text message.

Speaking before Demedyuk’s comments at the company’s modest offices on an industrial estate in Kiev, Sergei, Intellect Service’s general director, raised his voice in frustration.

“We built this business over 20 years. What is the point of us killing our own business?”

Olesya said the company was cooperating with investigators and the police were yet to reach any conclusions.

“The cyber police are currently bogged down in the investigation, we gave them the logs of all our servers and there are no traces that our servers spread this virus,” she said.

“M.E.Doc is a transportation product, it delivers documents. But is an email program guilty in the distribution of a virus? Hardly.”

(Writing by Jack Stubbs; Editing by Anna Willard)

Ukraine points finger at Russian security services in recent cyber attack

FILE PHOTO: A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank after Ukrainian institutions were hit by a wave of cyber attacks, in Kiev, Ukraine, June 27, 2017. REUTERS/Valentyn Ogirenko

By Pavel Polityuk

KIEV (Reuters) – Ukraine said on Saturday that Russian security services were involved in a recent cyber attack on the country, with the aim of destroying important data and spreading panic.

The SBU, Ukraine’s state security service, said the attack, which started in Ukraine and spread around the world on Tuesday, was by the same hackers who attacked the Ukrainian power grid in December 2016. Ukrainian politicians were quick to blame Russia for Tuesday’s attack, but a Kremlin spokesman dismissed “unfounded blanket accusations”.

Cyber security firms are trying to piece together who was behind the computer worm, dubbed NotPetya by some experts, which conked out computers, hit banks, disrupted shipping and shut down a chocolate factory in Australia.

The attack also hit major Russian firms, leading some cyber security researchers to suggest that Moscow was not behind it.

The malicious code in the virus encrypted data on computers, and demanded victims pay a $300 ransom, similar to the extortion tactic used in a global WannaCry ransomware attack in May. But Ukrainian officials and some security experts say the ransomware feature was likely a smokescreen.

Relations between Ukraine and Russia went into freefall after Moscow’s annexation of Crimea in 2014 and the subsequent outbreak of a Kremlin-backed separatist insurgency in eastern Ukraine that has killed more than 10,000 people.

Hacking Ukrainian state institutions is part of what Ukraine says is a “hybrid war” by Russia on Kiev. Russia denies sending troops or military equipment to eastern Ukraine.

“The available data, including those obtained in cooperation with international antivirus companies, give us reason to believe that the same hacking groups are involved in the attacks, which in December 2016 attacked the financial system, transport and energy facilities of Ukraine using TeleBots and BlackEnergy,” the SBU said.

“This testifies to the involvement of the special services of Russian Federation in this attack.”

The SBU in an earlier statement on Friday said it had seized equipment it said belonged to Russian agents in May and June to launch cyber attacks against Ukraine and other countries.

Referencing the $300 ransomware demand, the SBU said “the virus is cover for a large-scale attack on Ukraine. This is evidenced by a lack of a real mechanism for taking possession of the funds … enrichment was not the aim of the attack.”

“The main purpose of the virus was the destruction of important data, disrupting the work of public and private institutions in Ukraine and spreading panic among the people.”

A cyber attack in December on a Ukrainian state energy computer caused a power cut in the northern part of the capital Kiev.

The Russian foreign ministry and Federal Security Service did not immediately respond to requests for comment on the latest allegations.

Russian oil major Rosneft <ROSN.MM> was one of the first companies to reveal it had been compromised by the virus and sources told Reuters on Thursday computers at state gas giant Gazprom <GAZP.MM> had also been infected.

The SBU’s accusations chime with some of the findings of the cyber security firm ESET in Slovakia, which said in research published online on Friday that the Telebots group — which has links to BlackEnergy — was behind the attack.

“Collecting ransom money was never the top priority for the TeleBots group,” it said, suggesting Ukraine was the target but the virus spread globally as “affected companies in other countries had VPN connections to their branches, or to business partners, in Ukraine.”

“The TeleBots group continues to evolve in order to conduct disruptive attacks against Ukraine,” it said.

“Prior to the outbreak, the Telebots group targeted mainly the financial sector. The latest outbreak was directed against businesses in Ukraine, but they apparently underestimated the malware’ spreading capabilities. That’s why the malware went out of control.”

(Additional reporting by Alexander Winning in Moscow and Jim Finkle in Toronto; writing by Matthias Williams; Editing by Jeremy Gaunt)

Venezuela’s shield-bearing protesters inspired by Ukraine

A demonstrator holding a rudimentary shield poses for a picture before a rally against Venezuelan President Nicolas Maduro's government in Caracas, Venezuela, May 27, 2017. He said: "I protest, because I want a better future for me and my family, because it hurts to get up every day and have my mother crying because there is nothing to eat at home. Because I know that if I've got to die here, I would die fighting for my country and not because I was shot by someone who wanted to steal my cell phone." REUTERS/Carlos Garcia Rawlins

By Victoria Ramirez and Andreina Aponte

CARACAS (Reuters) – Drawing inspiration from Ukraine’s 2013-14 revolt, Venezuela’s young protesters are donning Viking-like shields in battles with security forces and eagerly watching a film on the Kiev uprising.

Foes of Venezuelan socialist President Nicolas Maduro are holding public showings of Netflix’s “Winter on Fire” documentary about the three-month standoff in Ukraine that led to 100 deaths and the exit of then-president Viktor Yanukovich.

In Venezuela’s anti-government unrest, where 80 people have died since April, youths bear colorfully decorated homemade shields akin to those used in Kiev’s Maidan Square.

The young Venezuelans make their shields from satellite TV dishes, drain covers, barrels or any other scraps of wood and metal they can find. Some supporters also make and donate shields.

The protesters use the shields to form walls, or even beat on them in unison, as Roman soldiers and Norsemen used to do going into battle. Fellow demonstrators cheer as the self-styled “Resistance” members link arms to walk to the front lines and face off with National Guard troops and police.

“The shields don’t stop bullets, but they do protect us from tear gas, rubber bullets and stones,” said 20-year-old law student Brian Suarez, wearing a gas mask and carrying a shield depicting Maduro in the sights of a rifle target.

Other shields carry quotes and images of Venezuela’s constitution, paintings and religious symbols, depictions of the faces of slain protesters, or slogans saying “SOS!”, “No More Dictatorship!” or “Murderer, Maduro!”

While the protesters say they are fighting against tyranny in the South American oil producer, Maduro accuses them of seeking a violent coup with U.S. support.

Manuel Melo said he was on the front line of protests, hurling stones and protecting other marchers with his blue plastic shield, until one day he was caught by a water cannon. The 20-year-old graphic design student lost his kidney from the impact.

Nevertheless, he wants to go back.

“It’s an important role being a shield-bearer because you know that everything they throw goes straight at you,” he said while recovering from his home in Caracas. “I’m not out there because I like it, but for the common good.”

“AM I IN UKRAINE?”

“Winter on Fire,” by Russian director Evgeny Afineevsky, shows tens of thousands of Ukrainian protesters braving snow and baton attacks from riot police to barricade themselves in Maidan Square.

It has been discreetly shown around Venezuela, including at bookshops, a university, a public square and an arts cinema.

Forums and discussions are held afterward.

“Hearing a Ukrainian and seeing the tears in their eyes, you ask yourself: ‘Hold on, am I in Ukraine or in Cafetal?'” said university professor Carlos Delgado, referring to an upper-class part of Caracas that has vigorously supported the protests.

Delgado, 48, recently participated in a screening and forum about “Winter on Fire” at Venezuela’s Catholic University, where opposition to Maduro is also strong.

Many have also spread the word on social media.

“This documentary is unmissable,” Venezuelan actress and author Ana Maria Simon exhorted on her Instagram account. “All Venezuelans should see it, especially those who are tired, especially those close to losing faith.”

In both countries, protesters have opposed presidents they consider repressive, and the clashes turned increasingly violent. But differences abound, too.

While Ukraine’s protesters endured freezing conditions day and night, Venezuela’s thin out quickly when rain starts, and they go home in the evening and enjoy balmy Caribbean weather.

The Venezuelans point out that criminal gangs make the streets dangerous at night. And with their economy in meltdown, they are often short of medicine, food and other needs, whereas the Ukrainians had a good supply line.

Hans Wuerich, who became famous for stripping in front of an armored car with a Bible in Caracas, said “Winter on Fire” made him think Venezuela’s Resistance needed to escalate tactics.

“It’s time to take the protests to another level,” the 27-year-old reporter said in Caracas’ Altamira Square, a focus of the demonstrations. “But we need to be organized if we’re going to take the streets day and night, if it’s really about a point of no return.”

(Click on http://reut.rs/2sdUXmI to see a related photo essay)

(Additional reporting by Andrew Cawthorne in Caracas, Matthias Williams and Alessandra Prentice in Kiev; Editing by Andrew Cawthorne and Lisa Von Ahn)

New computer virus spreads from Ukraine to disrupt world business

A user takes a selfie in front of a laptop at WPP, a British multinational advertising and public relations company in Hong Kong, China June 28, 2017 in this picture obtained from social media. INSTAGRAM/KENNYMIMO via REUTERS

By Eric Auchard and Dustin Volz

FRANKFURT/WASHINGTON (Reuters) – A computer virus wreaked havoc on firms around the globe on Wednesday as it spread to more than 60 countries, disrupting ports from Mumbai to Los Angeles and halting work at a chocolate factory in Australia.

Risk-modeling firm Cyence said economic losses from this week’s attack and one last month from a virus dubbed WannaCry would likely total $8 billion. That estimate highlights the steep tolls businesses around the globe face from growth in cyber attacks that knock critical computer networks offline.

“When systems are down and can’t generate revenue, that really gets the attention of executives and board members,” said George Kurtz, chief executive of security software maker CrowdStrike. “This has heightened awareness of the need for resiliency and better security in networks.”

The virus, which researchers are calling GoldenEye or Petya, began its spread on Tuesday in Ukraine. It infected machines of visitors to a local news site and computers downloading tainted updates of a popular tax accounting package, according to national police and cyber experts.

It shut down a cargo booking system at Danish shipping giant A.P. Moller-Maersk <MAERSKb.CO>, causing congestion at some of the 76 ports around the world run by its APM Terminals subsidiary..

Maersk said late on Wednesday that the system was back online: “Booking confirmation will take a little longer than usual but we are delighted to carry your cargo,” it said via Twitter.

U.S. delivery firm FedEx said its TNT Express division had been significantly affected by the virus, which also wormed its way into South America, affecting ports in Argentina operated by China’s Cofco.

The malicious code encrypted data on machines and demanded victims $300 ransoms for recovery, similar to the extortion tactic used in the global WannaCry ransomware attack in May.

Security experts said they believed that the goal was to disrupt computer systems across Ukraine, not extortion, saying the attack used powerful wiping software that made it impossible to recover lost data.

“It was a wiper disguised as ransomware. They had no intention of obtaining money from the attack,” said Tom Kellermann, chief executive of Strategic Cyber Ventures.

Brian Lord, a former official with Britain’s Government Communications Headquarters (GCHQ) who is now managing director at private security firm PGI Cyber, said he believed the campaign was an “experiment” in using ransomware to cause destruction.

“This starts to look like a state operating through a proxy,” he said.

ETERNAL BLUE

The malware appeared to leverage code known as “Eternal Blue” believed to have been developed by the U.S. National Security Agency.

Eternal Blue was part of a trove of hacking tools stolen from the NSA and leaked online in April by a group that calls itself Shadow Brokers, which security researchers believe is linked to the Russian government.

That attack was noted by NSA critics, who say the agency puts the public at risk by keeping information about software vulnerabilities secret so that it can use them in cyber operations.

U.S. Representative Ted Lieu, a Democrat, on Wednesday called for the NSA to immediately disclose any information it may have about Eternal Blue that would help stop attacks.

“If the NSA has a kill switch for this new malware attack, the NSA should deploy it now,” Lieu wrote in a letter to NSA Director Mike Rogers.

The NSA did not respond to a request for comment and has not publicly acknowledged that it developed the hacking tools leaked by Shadow Brokers.

The target of the campaign appeared to be Ukraine, an enemy of Russia that has suffered two cyber attacks on its power grid that it has blamed on Moscow.

ESET, a Slovakian cyber-security software firm, said 80 percent of the infections detected among its global customer base were in Ukraine, followed by Italy with about 10 percent.

Ukraine has repeatedly accused Moscow of orchestrating cyber attacks on its computer networks and infrastructure since Russia annexed Crimea in 2014.

The Kremlin, which has consistently rejected the accusations, said on Wednesday it had no information about the origin of the attack, which also struck Russian companies including oil giant Rosneft <ROSN.MM> and a steelmaker.

“Unfounded blanket accusations will not solve this problem,” said Kremlin spokesman Dmitry Peskov.

Austria’s government-backed Computer Emergency Response Team (CERT) said “a small number” of international firms appeared to be affected, with tens of thousands of computers taken down.

Microsoft, Cisco Systems Inc and Symantec Corp <SYMC.O> said they believed the first infections occurred in Ukraine when malware was transmitted to users of a tax software program.

Russian security firm Kaspersky said a news site for the Ukraine city of Bakhumut was also hacked and used to distribute the ransomware.

A number of the victims were international firms with have operations in Ukraine.

They include French construction materials company Saint Gobain <SGOB.PA>, BNP Paribas Real Estate <BNPP.PA>, and Mondelez International Inc <MDLZ.O>, which owns Cadbury chocolate.

Production at the Cadbury factory on the Australian island state of Tasmania ground to a halt late on Tuesday after computer systems went down.

(Additional reporting by Jack Stubbs in Moscow, Alessandra Prentice in Kiev, Helen Reid in London, Teis Jensen in Copenhagen, Maya Nikolaeva in Paris, Shadia Naralla in Vienna, Marcin Goettig in Warsaw, Byron Kaye in Sydney, John O’Donnell in Frankfurt, Ari Rabinovitch in Tel Aviv, Noor Zainab Hussain in Bangalore; Writing by Eric Auchard, David Clarke and Jim Finkle; Editing by David Clarke and Andrew Hay)

Global business reels from second major cyber attack in two months

Customers queue in 'Rost' supermarket in Kharkiv, Ukraine June 27, 2017 in this picture obtained from social media. MIKHAIL GOLUB via REUTERS

By Eric Auchard and Jack Stubbs

FRANKFURT/MOSCOW (Reuters) – A major cyber attack, believed to have first struck Ukraine, caused havoc around the world on Wednesday, crippling computers or halting operations at port operator Maersk, a Cadbury chocolate plant in Australia and the property arm of French bank BNP Paribas.

Russia’s biggest oil company, Ukrainian banks and multinational firms were among those hit on Tuesday by the cyber extortion campaign, which has underscored growing concerns that businesses have failed to secure their networks from increasingly aggressive hackers.

The rapidly spreading computer worm appeared to be a variant of an existing ransomware family known as Petya which also has borrowed key features from last month’s ransomware attack, named “WannaCry”.

ESET, an anti-virus vendor based in Bratislava, said 80 percent of all infections from the new attack detected among its global customer base were in Ukraine, with Italy second hardest hit at around 10 percent. Several of the international firms hit had operations in Ukraine.

Shipping giant A.P. Moller-Maersk <MAERSKb.CO>, which handles one in seven containers shipped worldwide and has a logistics unit in Ukraine, is not able to process new orders after being hit by the attack on Tuesday, it told Reuters.

“Right now, at this hour, we’re not able to take new orders,” Maersk Line Chief Commercial Officer Vincent Clerc said in a telephone interview on Wednesday.

BNP Paribas Real Estate <BNPP.PA>, which provides property and investment management services, confirmed it had been hit but declined to specify how widely it had affected its business. It employed nearly 3,500 staff in 16 countries as of last year.

“The international cyber attack hit our non-bank subsidiary, Real Estate. The necessary measures have been taken to rapidly contain the attack,” the bank told Reuters on Wednesday, after a person familiar with the matter had said that some staff computers were blocked on Tuesday due to the incident.

Production at the Cadbury <MDLZ.O> factory on the island state of Tasmania ground to a halt late on Tuesday after computer systems went down, said Australian Manufacturing and Workers Union state secretary John Short.

Russia’s Rosneft <ROSN.MM>, one of the world’s biggest crude producers by volume, said on Tuesday its systems had suffered “serious consequences” but said oil production had not been affected because it switched over to backup systems.

The virus crippled computers running Microsoft Corp’s <MSFT.O> Windows by encrypting hard drives and overwriting files, then demanded $300 in bitcoin payments to restore access.

Several security experts questioned whether the effort to extort victims with computers hit by the virus was the main goal, or whether the unknown hackers behind the attack could have other motives.

(Reporting by Eric Auchard; Editing by Adrian Croft)

Germany sees ‘very difficult’ situation in eastern Ukraine

German Foreign Minister Sigmar Gabriel speaks during a news conference in Ankara, Turkey, June 5, 2017.

BERLIN (Reuters) – German Foreign Minister Sigmar Gabriel said on Monday that both Ukraine and Russian-backed separatists were violating a ceasefire agreement in eastern Ukraine and it would likely be difficult to resolve the crisis in the short term.

“It’s very difficult to find a way out after so many years,” Gabriel told an event hosted by the European Council on Foreign Relations. “Of course we are trying, but it does not look like we will have a (short-term resolution) of the difficulties in the region.”

Gabriel said he backed continued efforts by the so-called “Normandy format” group – involving Germany, France, Ukraine and Russia – to resolve the crisis, but observers from the Organization for Security and Cooperation in Europe (OSCE) were not optimistic, given the situation in the region.

“I have no good messages on this issue,” he said.

(Reporting by Andrea Shalal; Editing by Joseph Nasr)

Macron meets Russia’s Putin near Paris, promising tough talks

French President Emmanuel Macron (R) and Russian President Vladimir Putin (L) give a joint press conference at the Chateau de Versailles before the opening of an exhibition marking 300 years of diplomatic ties between the two countries in Versailles, France, May 29, 2017.

By Michel Rose and Denis Dyomkin

VERSAILLES, France (Reuters) – French President Emmanuel Macron met Russia’s Vladimir Putin near Paris on Monday, promising some frank talking with the Kremlin leader after an election campaign in which his team accused Russian media of trying to interfere.

Macron, who took office two weeks ago, has said dialogue with Russia is vital in tackling a number of international disputes. Nevertheless, relations have been beset by mistrust, with Paris and Moscow backing opposing sides in the Syrian civil war and at odds over the Ukraine conflict.

Fresh from talks with his Western counterparts at a NATO meeting in Brussels and a G7 summit in Sicily, Macron was hosting the Russian president at the sumptuous 17th Century palace of Versailles outside Paris.

Amid the baroque splendor, Macron will use an exhibition on Russian Tsar Peter the Great at the former royal palace to try to get Franco-Russian relations off to a new start.

The 39-year-old French leader and Putin exchanged a cordial,  businesslike handshake and smiles when the latter stepped from his limousine for a red carpet welcome, with Macron appearing to say “welcome” to him in French.

The two men then entered the palace to start their talks.

“It’s indispensable to talk to Russia because there are a number of international subjects that will not be resolved without a tough dialogue with them,” Macron told reporters at the end of the G7 summit on Saturday, where the Western leaders agreed to consider new measures against Moscow if the situation in Ukraine did not improve.

“I will be demanding in my exchanges with Russia,” he added.

Relations between Paris and Moscow were increasingly strained under former President Francois Hollande.

Putin, 64, cancelled his last planned visit in October after Hollande accused Russia of war crimes in Syria and refused to roll out the red carpet for him.

Then during the French election campaign the Macron camp alleged Russian hacking and disinformation efforts, at one point refusing accreditation to the Russian state-funded Sputnik and RT news outlets which it said were spreading Russian propaganda and fake news.

Two days before the May 7 election runoff, Macron’s team said thousands of hacked campaign emails had been put online in a leak that one New York-based analyst said could have come from a group tied to Russian military intelligence.

Moscow and RT itself rejected allegations of meddling in the election.

Putin also offered Macron’s far-right opponent Marine Le Pen a publicity coup when he granted her an audience a month before the election’s first round.

French President Emmanuel Macron (R) speaks to Russian President Vladimir Putin (L) in the Galerie des Batailles (Gallery of Battles) as they arrive for a joint press conference at the Chateau de Versailles before the opening of an exhibition marking 300 years of diplomatic ties between the two countries in Versailles, France, May 29, 2017.

French President Emmanuel Macron (R) speaks to Russian President Vladimir Putin (L) in the Galerie des Batailles (Gallery of Battles) as they arrive for a joint press conference at the Chateau de Versailles before the opening of an exhibition marking 300 years of diplomatic ties between the two countries in Versailles, France, May 29, 2017. REUTERS/Stephane De Sakutin/Pool

Nonetheless, Russia’s ambassador to Paris, Alexander Orlov said on Monday that he expected this first meeting between the two men to be full of “smiles” and marking the beginning of “a very good and long relationship”.

Orlov, speaking on Europe 1 radio, said he believed that Macron was “much more flexible” on the Syrian question, though he did not say why he thought this. Putin would certainly invite Macron to pay a visit to Moscow, he said.

Putin’s schedule included a trip to a newly opened Russian Orthodox cathedral in Paris – a call he had been due to make for its inauguration in October, but which was cancelled along with that trip.

“CLEVER MOVE”

Macron decisively beat Le Pen, an open Putin admirer in a fraught presidential election campaign, and afterwards the Russian president said in a congratulatory message that he wanted to put mistrust aside and work with him.

Hollande’s former diplomatic adviser, Jacques Audibert, noted how Putin had been excluded from what used to be the Group of Eight nations as relations with the West soured. Meeting in a palace so soon after the G7 summit was a clever move by Macron.

“Putin likes these big symbolic things. I think it’s an excellent political opportunity, the choice of place is perfect,” he told CNews TV. “It adds a bit of grandeur to welcome Putin to Versailles.”

The Versailles exhibition commemorates a visit to France 300 years ago by Peter the Great, known for his European tastes.

A Russian official told reporters in Moscow on Friday that the meeting was an opportunity “to get a better feel for each other” and that the Kremlin expected “a frank conversation” on Syria.

While Moscow backs President Bashar al-Assad, France supports rebel groups trying to overthrow him. France has also taken a tough line on European Union sanctions on Russia, first imposed when it annexed Crimea from Ukraine in 2014, and cancelled a $1.3 billion warship supply contract in 2015.

During the campaign, Macron backed expanded sanctions if there were no progress with Moscow implementing a peace accord for eastern Ukraine, where Kiev’s forces have been battling pro-Russian separatists.

Since being elected, Macron appears to have toned down the rhetoric, although he noted the two leaders still had “diverging positions” in their first phone call.

(Additional reporting by Cyril Camu; Editing by Richard Balmforth and Alison Williams)

Ukraine imposes sanctions on Russian web firms, citing cyber threat

A Yandex taxi is seen in central Kiev, Ukraine, May 16, 2017. REUTERS/Gleb Garanich

By Natalia Zinets

KIEV (Reuters) – Ukraine imposed sanctions on Russia’s largest internet group Yandex and other popular online firms on Tuesday, saying it wanted to guard against cyber attacks, and the Kremlin threatened retaliation.

The restrictions froze any assets held by the Russian businesses inside Ukraine and banned hosts there from linking to them, though the websites were all still accessible in Kiev on Tuesday afternoon.

The ban was imposed partly to protect against companies “whose activities threaten the information and cyber security of Ukraine”, the Kiev government’s Security and Defence Council said in a statement.

They added to a list of more than 400 Russian firms blacklisted by Kiev since Moscow’s annexation of Crimea in 2014 and the ensuing pro-Russian separatist uprising in eastern Ukraine.

Mail.ru Group, which owns the Odnoklassniki social network and Vkontakte, Russia’s version of Facebook, said that around 25 million Ukrainians could be affected by the “politically motivated” decision.

“We have never been involved in politics. We have not broken a single law of Ukraine,” it said in a statement. It said the Ukrainian market contributed an “immaterial” amount of revenue and so Mail.ru would not revise its financial plans.

Yandex declined comment and there was no immediate comment from other companies on the list.

Kremlin spokesman Dmitry Peskov told journalists that Moscow had not forgotten the principle of reciprocity when it came to such disputes, calling the move “short-sighted.”

Many of the affected sites are hugely popular in Ukraine.

Vkontakte was the second-most visited website in Ukraine as of March, according to data cited by the Ukrainian Internet Association. Yandex, Odnoklassniki and Mail.ru were also in the top five most popular sites that month.

In comments to Russian newspaper Kommersant, Russian Foreign Ministry spokesman Maria Zakharova called the sanctions a “manifestation of politically motivated censorship”.

Moscow has repeatedly denied accusations from Kiev that it has been waging a “cyber war” on Ukraine at the same time as it fuels Ukraine’s separatist conflict by supporting rebels with troops and weapons.

Ukraine has also accused Russian computer hackers of targeting its power grid, financial system and other infrastructure with viruses.

(Additional reporting by Maria Kiselyova and Anastasia Teterevleva in Moscow; writing by Alessandra Prentice; editing by Matthias Williams and Mark Heinrich)