During the Kyiv International Cyber Resilience Forum 2025, the Director of the PARKOVY Data Center, Volodymyr Pokatilov, shared interesting details about how a massive cyberattack was carried out on their infrastructure in January last year.
During the Kyiv International Cyber Resilience Forum 2025, the Director of the PARKOVY Data Center, Volodymyr Pokatilov, shared interesting details about how a massive cyberattack was carried out on their infrastructure in January last year.
Let us recall the context: On the morning of January 25, Ukrposhta clients were unable to send their parcels. And drivers and carriers were unable to cross the border using the Shlyakh system. Hackers attacked PARKOVY. Its cloud storage is used by dozens of state agencies, including Diya (which was not affected by the attack at the time).
Volodymyr Pokatilov told dev.ua the details. So, the attack was aimed at destroying data. In total, two petabytes of data were erased from the hard drives of virtual machines. «And there are more backups, because backup is a factor of 1.5-2,» the top manager emphasizes.
But because some of the data center backups were also protected, the attackers were unable to completely destroy the data.
«We restored everything in two weeks, the recovery rate is 98%,» recalls Pokatilov.
The data repository of the National Information Systems of Ukraine (NAIS), according to Pokatilov, was less fortunate. He emphasized that NAIS could have used their experience. But this did not happen. And the structure that serves dozens of state registers lost everything — the main data and backups. The incident, we provide, occurred at the end of last year. The register of notaries and other state services stopped working. The data had to be restored virtually manually.
But let’s get back to the PARKOVY Data Center. Pokatilov says that the losses from the large-scale cyberattack are relatively small if you compare them to the losses suffered by Kyivstar in December 2023, when some of the company’s services, which were affected by the actions of hackers, did not work for up to a week. Together with the loss of income and compensation, the telecom operator’s losses were estimated at UAH 3 billion, as claimed by the company.
And now — the most interesting thing. As Volodymyr Pokatilov recalls, the data center infrastructure was not damaged during the attack.
«Neither the systems that control the data center, nor the equipment, the cooling, were affected,» he says. Only the public cloud, which some customers had access to. They logged in via VPN. And before this attack a year ago, it was believed that at this stage this protection was sufficient.
«That is, if this is our client, then he will not intentionally do anything harmful there,» — this was previously believed, recalls Volodymyr Pokatilov.
But, as it turned out, one of the clients was a spy. «This was a client who came to us before the war, took it for a test, and then bought the services,» recalls a representative of the data center. What’s more, the client’s legal entity passed the check and was clean.
In reality, the client, once in the public cloud, had been planning and preparing the attack for a long time.
He waited for the administrator to come in, took his, roughly speaking, hash of the password, and then was able to retrieve it.
Once the attack occurred and investigators figured out where the vulnerability was, the client simply disappeared. He didn’t respond to messages or calls because his task had already been completed.
Today, there is already a tool that is easy to implement both on the data center side and on the side of any business or critical infrastructure. During a speech at the Kyiv International Cyber Resilience Forum 2025, the PARKOVYI Data Center announced a service that combines 2 simple services — blocking the deletion of backup copies and quick recovery from backup. Such a service will not only prevent the complete destruction of information during a possible cyberattack, but will also save the budget for storing copies of critical data.
