Ukraine’s Cyber Police have intervened to prevent further cyberattacks in the wake of the recent global attack, initially considered to be ransomware and called by various names including NotPetya.
The attack affected businesses around the world, but Ukraine was hit particularly hard because, security researchers believe, the initial attacks were disguised in an automatic update to the ME Doc tax and accounting software widely used in the country.
A backdoor could have been introduced into ME Doc as early as 15 May, the police said, after one of the developer’s computers was taken over.
Police said that they had seized computers and software from ME Doc’s developer after spotting fresh signs of malicious activity, and have taken the items away for analysis. They hope this will put an end to further uncontrolled distribution of the NotPetya malware (also referred to as Diskcoder.c, ExPetr, PetrWrap and Petya) used in the previous attack, they said.
Although the malware was initially labelled as ransomware, it appears incapable of unlocking the files it has encrypted.
Ukrainian police now believe that aspect was just a diversionary tactic. One hypothesis the investigators are considering is that the malware was created by state actors with the goal of destabilising the country.
The police recommended that anyone with the ME Doc software on their computer immediately stop using it and disconnect it from their network. They hope their analysis of the materials seized will lead to the creation of a tool for identifying, and perhaps reversing the effects of, the malware.
IDG News Service
Subscribers 0
Fans 0
Followers 0
Followers