An attack with the NotPetya wiper malware, on the eve of Ukraine’s Constitution Day, targeted public and private sector entities in Ukraine (80% of affected systems) including financial, energy and government institutions. The attack was highly disruptive in nature as it disabled computers by wiping hard drives and spread independently to companies that used a popular tax-filing software (M.E.Doc).  The malware was not designed to be decrypted. This meant that there were no means for victims to recover data once it had been encrypted. The attack spread globally and infected, among others, Chernobyl’s radiation monitoring system and US healthcare organizations.  The attack has been coined as the “most devastating cyberattack in history.”

The EU imposed sanctions (asset freeze and travel ban) via their Diplomacy Toolbox whilst the US imposed sanctions via the Department of the Treasury’s Office of Foreign Assets Control (OFAC).