Trump Administration Still Silent on This Week’s Major Malware Attack

The attack, directed largely at Ukraine, may have come from Russia.

Jaap Arriens/Zuma

Let our journalists help you make sense of the noise: Subscribe to the Mother Jones Daily newsletter and get a recap of news that matters.

It’s been nearly four days since a malware attack disabled computers in Ukraine, as well as elsewhere in Europe and parts of the United States, in an attack that could be the latest offensive in Russia’s ongoing conflict with Ukraine, and the administration of President Donald Trump has yet to weigh in. 

“If indeed it turns out that this is more than just a simple criminal enterprise, but reflects a state-based effort to intimidate or bully another state, in this case Ukraine on its Constitution Day, that in and of itself is really noteworthy,” says Michael Sulmeyer, project director of the Belfer Center Cyber Security Project at the Harvard Kennedy School and a former cyber policy official in the Defense Department, “because now we’re talking about using cyber capabilities for the exercise of state power and international security.”

A spokesman for the National Security Council did not return an email asking about the administration’s response to the situation, and White House spokeswoman Sarah Huckabee Sanders did not respond to a request for comment.

This latest malware attack occurred late Monday night and into Tuesday morning, when it became evident that an electric power supplier in Kiev, Ukraine, had been hit with what was thought to be ransomware, illicit software that encrypts a victim computer’s files or drives until a ransom is paid. Major corporations in other countries also suffered a cyberattack, including shipping behemoth Maersk, international law firm DLA Piper, and a hospital system in Pittsburgh. 

Researchers soon learned that the code making up the malware—whether by design or accident—prevented the locked files from being decrypted. They also learned that one of the key methods of infection was through updates to accounting software called MeDoc, which is widely used by companies based in and doing business in Ukraine, and by Ukrainians to pay their taxes. 

Those factors, along with the fact that Russia has been consistently pounding the Ukraine with attacks—cyber and otherwise—led some researchers to believe that the attack was not just a run-of-the-mill ransomware episode, but rather a state-sponsored cyberattack. Bolstering that view is the fact that on the morning of the cyberattack, a Ukrainian military intelligence officer was murdered in a car bombing in Kiev. The attack also began just before the nation celebrated the anniversary of the ratification, in 1996, of its first constitution after independence from the Soviet Union.

“I think this was directed at us,” Roman Boyarchuk, the head of the Center for Cyber Protection in Ukraine’s State Service for Special Communications and Information Protection, told Wired magazine. “This is definitely not criminal. It is more likely state-sponsored.” As for the theory that Russia is behind the attacks, Boyarchuk told Wired that “it’s difficult to imagine anyone else would want to do this.”

It’s unclear whether Trump will address the episode or the broader issue of Russian cyber activity when he meets with Russian President Vladimir Putin at the G20 summit in Hamburg, Germany, at the end of next week. National Security Adviser H.R. McMaster told reporters Thursday that Trump has “no specific agenda” going into the summit, but that the president had tasked his staff with coming up with plans to confront “Russia’s destabilizing behavior,” including cyber threats or “political subversion” in the United States or Europe.

Sulmeyer points out that latest meeting of the United Nations Group of Governmental Experts, which was working to come to a set of international cyberspace norms, fell apart without an agreement last week.  “You start to wonder, in a situation [like this], what should be the rules of the road,” he says. “And is there any prospects for the international community to ever agree on any?”


Headshot of Editor in Chief of Mother Jones, Clara Jeffery

It sure feels that way to me, and here at Mother Jones, we’ve been thinking a lot about what journalism needs to do differently, and how we can have the biggest impact.

We kept coming back to one word: corruption. Democracy and the rule of law being undermined by those with wealth and power for their own gain. So we're launching an ambitious Mother Jones Corruption Project to do deep, time-intensive reporting on systemic corruption, and asking the MoJo community to help crowdfund it.

We aim to hire, build a team, and give them the time and space needed to understand how we got here and how we might get out. We want to dig into the forces and decisions that have allowed massive conflicts of interest, influence peddling, and win-at-all-costs politics to flourish.

It's unlike anything we've done, and we have seed funding to get started, but we're looking to raise $500,000 from readers by July when we'll be making key budgeting decisions—and the more resources we have by then, the deeper we can dig. If our plan sounds good to you, please help kickstart it with a tax-deductible donation today.

Thanks for reading—whether or not you can pitch in today, or ever, I'm glad you're with us.

Signed by Clara Jeffery

Clara Jeffery, Editor-in-Chief

payment methods

We Recommend