Software Firm at the Center of Ransomware Storm Will Face Charges

A Ukrainian tax software company at the center of the recent NotPetya global ransomware epidemic is currently under investigation by Ukrainian authorities and will face charges.

“They knew about it,” stated Col. Serhiy Demydiuk, head of Ukraine’s national Cyberpolice unit in an interview with The Associated Press. The official claimed that Kiev-based M.E.Doc had repeatedly ignored warnings about the security of their IT infrastructure.

He stated:

They were told many times by various anti-virus firms. …For this neglect, the people in this case will face criminal responsibility.

The software firm, believed to be patient zero of the disruptive ransomware menace in recent weeks, is alleged to have facilitated the spread of the ransomware. For context, the firm’s popular tax software program is widely used by accountants and businesses in Ukraine. The software received a malicious update, believed to be planted by a rogue hacker, before it spread across the country.

The particular vulnerability lies in the software company’s FTP-based updating mechanism, according to security analyst Johnathan Nichols. Using the Shodan search engine, the researcher claimed that compromising ME Doc with the ransomware ‘NotPetya’ was “so easy, anyone could do it.”

The software firm has also been criticized for its responses to the hack. First, it acknowledged the exploit in a statement which was promptly deleted afterward. Then, the firm called the allegations “clearly erroneous” but eventually added that it was cooperating with authorities.

The company stated it sought law enforcement authorities’ help to “search for the source of the attack, find out its mechanisms and determine the steps to be taken to eliminate the consequences.”

According to Reuters, the Ukrainian police have also seized computer servers belonging to the firm. Meanwhile, Ukrainian authorities have blamed Russian state-sponsored hackers for being the instigators of the cyberattack.

Image credit: Flickr.