The Petya hack may not have turned out to be the global phenomenon many feared, but the ransomware attack still has Ukraine reeling.

Nick Bilogorskiy, a Ukrainian cybersecurity expert and cofounder of San Jose-based Cyphort, said in a recent email interview that his native country is still trying to fully recover from an attack that hit companies, bank machines, and its infrastructure. The country was forced to extend its tax deadline to July 15, he noted, due to the attack.

Indeed, many have now concluded, as Ukrainian officials asserted, that Petya was an attack on the country rather than an attempt to extort money. Indeed, NATO has concluded the virus was the result of a “state actor” and could warrant retaliation.

“The operation was not too complex, but still complex and expensive enough to have been prepared and executed by unaffiliated hackers for the sake of practice. Cyber criminals are not behind this either, as the method for collecting the ransom was so poorly designed that the ransom would probably not even cover the cost of the operation,” NATO’s Cooperative Cyber Defense Centre of Excellence (CCDCOE) said in a press release on June 30.

Officials in Ukraine believe that state actor is Russia, which may have been seeking to sow chaos in a country it has been at odds with since the latter invaded Crimea four years ago.

Meanwhile, Ukrainian software company MeDoc could be facing charges that its lax security may have helped aid the spread of Petya. Several security firms had traced the origins of the virus to recent software the company released.

Ukrainian National Police raided MeDoc and seized the company’s servers:

Bilogorskiy also pointed out that the effects are still being felt outside Ukraine. As of last week, shipping company Maersk, advertising giant WPP, and FedEx had still not fully restored systems hit by the ransomware.