Ukrainian police confiscates company’s servers which spread the Petya virus
On Tuesday the Ukrainian police confiscated the servers of the Ukrainian software company M.E.DOC in connection with the investigation of the cyber-attack which took place last week, Serhiy Demedyuk, head of Ukraine’s Cyber Police, told Reuters.
According to Ukrainian officials and computer security specialists, the original source of the Petya ransomware was program updates issued by M.E.DOC. The company is the developer of the most popular tax administration software in Ukraine.
M.E.DOC employees told Reuters earlier that the company’s servers had not been hacked, and that the updates distributed by the company were not infected with the virus.
Meanwhile, Serhiy Demyuk, head of Ukraine’s Cyber Police, said in an interview published by Associated Press on Tuesday that M.E.DOC will be charged with negligence in connection with the cyber-attack, since it did not take steps to strengthen its cyber defense, despite the warnings. “They knew about this,” Demedyuk said, “Other companies in the fight against computer viruses warned them many times. They will bear criminal liability for their negligence.”
Petya ransomware attack took place on June 27. According to Group-IB’s assessments, the virus attacked nearly 80 companies, most of them Ukrainian. In Russia the virus affected Rosneft, Bashneft, Mars, Nivea and Mondelez International. The virus blocks the operating system from starting and demands a ransom of $300 in Bitcoin in order to restore operation and decrypt files.
On Saturday the Ukrainian Security Service blamed Russian intelligence for the cyber-attack.