July 4, 2017 by

Software Firm at the Center of Ransomware Storm Will Face Charges

A Ukrainian tax software company at the center of the recent NotPetya global ransomware epidemic is currently under investigation by Ukrainian authorities and will face charges.

“They knew about it,” stated Col. Serhiy Demydiuk, head of Ukraine’s national Cyberpolice unit in an interview with The Associated Press. The official claimed that Kiev-based M.E.Doc had repeatedly ignored warnings about the security of their IT infrastructure.

He stated:

They were told many times by various anti-virus firms. …For this neglect, the people in this case will face criminal responsibility.

The software firm, believed to be patient zero of the disruptive ransomware menace in recent weeks, is alleged to have facilitated the spread of the ransomware. For context, the firm’s popular tax software program is widely used by accountants and businesses in Ukraine. The software received a malicious update, believed to be planted by a rogue hacker, before it spread across the country.

The particular vulnerability lies in the software company’s FTP-based updating mechanism, according to security analyst Johnathan Nichols. Using the Shodan search engine, the researcher claimed that compromising ME Doc with the ransomware ‘NotPetya’ was “so easy, anyone could do it.”

The software firm has also been criticized for its responses to the hack. First, it acknowledged the exploit in a statement which was promptly deleted afterward. Then, the firm called the allegations “clearly erroneous” but eventually added that it was cooperating with authorities.

The company stated it sought law enforcement authorities’ help to “search for the source of the attack, find out its mechanisms and determine the steps to be taken to eliminate the consequences.”

According to Reuters, the Ukrainian police have also seized computer servers belonging to the firm. Meanwhile, Ukrainian authorities have blamed Russian state-sponsored hackers for being the instigators of the cyberattack.

Image credit: Flickr.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Data Theft and Departing Employees – Why it Matters (Part 2)

In this article, LIFARS outlines the best practices toward protecting your organization from data...

Read more arrow_forward

SEC Publishes Guidance on Cybersecurity Breach Disclosures

In the aftermath of the sweeping, infamous breach of Equifax, the SEC has now provided additional...

Read more arrow_forward

Popular Freeware Site Download.com Found Hosting Bitcoin Stealing Malware

A dangerous bitcoin stealing malware that swaps user accounts with that of the attacker was...

Read more arrow_forward