Analyses by computer experts showed that waves of attacks had been launched via software updates of the M.E.Doc accounting software since April, the BSI said in a statement.
That meant that companies that used the software might have been infected by the malicious software, even if there were no obvious signs of a breach, BSI said. Data backups carried out after April 13 should also be viewed as compromised.
"Some German firms have seen production and other critical processes laid still for over a week," BSI President Arne Schoenbohm said. "It has resulted in millions of euros of damage, and this in a case where Germany got off lightly."
Olesya Bilousova, the chief executive of Intellect Service, which developed M.E.Doc accounting software, speaks to journalists following a round table on last week's cyber attack in Kiev, Ukraine July 5, 2017.
Germany's BSI federal cyber agency said on Friday that the threat posed to German firms by recent cyber attacks launched via a Ukrainian auditing software was greater than expected, and some German firms had seen production halted for over a week.
