As countries across the globe scrambled to respond to a malicious "ransomware" virus, Russians were left wondering why the attack had disproportionately targeted their country.
The Russian cyber security firm, Kaspersky Labs, was among the first to identify the so-called "Wanna Cry" malware — a viral worm that exploits vulnerabilities in the Windows operating system to encrypt files without users' permission. A group of hackers known as "The Shadow Brokers" is widely believed to have stolen the program from the US National Security Agency last April and deployed it as a means to ransom user data for online "bitcoin" payments.
Kaspersky Labs initially reported 45,000 attacks by the malware in more than 70 countries, with Russia bearing the brunt of the onslaught. “The range of targets and victims is likely much, much higher,” warned the Kaspersky report.
Indeed, within hours, other internet security firms estimated that over 75,000 computers in 100 different countries were targeted. Those numbers continue to grow.
As the virus ricocheted around the globe, Russia’s powerful Interior Ministry and National Railway Service both confirmed they had fallen victim to the malware. The Russian mobile telecom giant, Megafon, also issued a statement saying its servers had been compromised.
But by mid-day Saturday, spokesmen from all three organizations said they had successfully isolated the virus and were operating as usual. Other key Russian ministries, and the country’s central bank, pushed back against claims that state computer infrastructure had been compromised.
In statements to Russian media, all argued they had thwarted the virus using non-Windows operating systems while trumpeting the merits of data backups using a notably Russian-made server, Elbrus.
The claims have not been confirmed by outside experts but suggested optics may also be at play. For months the West has accused Russian state hackers of interfering in elections in the US, France, and elsewhere — now Russia was more than happy to play the victim. Yet Russian officials also seemed equally intent on assuring the public they had a firm handle on the country’s cyber defenses.
The Kremlin has long been suspicious of western technology firms, arguing that they work in collusion with American intelligence agencies.
In 2014, Russia’s Duma passed a law requiring Western tech companies — such as Facebook, Twitter and Google — to relocate servers to Russia in an effort to protect Russian user data. Though not fully implemented, Russian internet activists have argued that the law gives Russian security services dangerous access to private data with little legal recourse.
Meanwhile, Russian President Vladimir Putin has increasingly pushed for the government’s digital independence from Western tech firms — partially in response to American and European sanctions introduced following Russia’s annexation of Crimea from Ukraine in 2014.
The Kremlin’s advisor on internet strategy, German Klimenko, seized on the latest cyber attack as a chance to praise those moves as timely.
“The president’s order [was] to create a Russian segment of the internet — [it created] a closed internet solely for government bureaucrats,” said Klimenko in an interview with Russia’s Channel One television.
“The defense against attacks has been in place a long time,” he added. “It’s doubtful our [government] data suffered.”
In a press conference during a visit to China on Monday, President Putin agreed with Klimenko. The Russian leader promised the government had largely dodged the malware but placed blame on the US for “stockpiling” cyberweapons — language that hinted at the new "cyber Cold War" unfolding.
Indeed, Russia’s online community traded theories that the virus was payback from the NSA for alleged Russian interference in last year’s American presidential elections.
Pro-Kremlin experts, too, weighed in.
“I respect the honesty of the United States,” said Mikhail Delyagin, director of the Institute of Problems of Globalization in Russia, in an interview with the New York Times. “They threaten us with a cyberattack, and a cyberattack follows. It’s logical,” insisted Delyagin.
But Anton Nossik, a longtime leading internet voice in Russia, rejected those charges as “terribly funny” in a widely shared post to his Live Journal blog.
“That 74 countries were implicated in the virus is explained as Russia’s enemies' desire to hide the real goal of their attack,” writes Nossik, who notes that Russian governmental officials had been too lazy to install a Windows "patch" available since last March that resolved the security flaw.
“Really, how can you deceive our ever-wakeful conspiracy theorists?” he adds. “To hack their computers is the simplest thing. But to destroy their vigilance? Never!”
In a subsequent interview, Nossik went on to cast doubt on the Kremlin’s ability to overhaul its computer infrastructure with Elbrus-based desktops.
“I’m not buying all this crap about secret software/hardware rearmament in a country that hasn’t produced one single smartphone in its history,” he notes.
Other Russian digerati also pushed back against the idea that Russia had been a target by design.
"There's no politics or intention here. The virus is just spreading randomly," says Ilya Sachkov, director of the Moscow-based Group IB — a company that tracks internet fraud — in an interview with Moscow's Business FM radio.
Sachkov and others note that ransomware attacks have been growing in number and strength for years.
Western cyber security experts, meanwhile, suggested average Russians fell victim to "Wanna Cry" because of their widespread use of pirated Windows software.
The cyber crisis once again thrust Edward Snowden, the controversial former NSA contractor who was granted asylum in Russia after leaking a trove of classified NSA documents to the press in 2013, back into the spotlight.
In a series of posts on Twitter, Snowden argued the NSA bore moral responsibility for the leak — particularly given the virus’s widely reported impact on out-of-date hospital computer systems and on doctors' ability to care for patients.
“Despite warnings, the NSA built dangerous attack tools that could target Western software,” wrote Snowden. “Today we see the cost.”
It appears the Kremlin couldn’t agree more.