In a rather embarrassing development in the Petya ransomware attack saga, Ukrainian police seized the servers of a domestic accounting firm suspected to be behind spreading the virus. Servers of Ukraine’s most popular accounting software — M E Doc — were seized by the police as part of the investigation into the attack. The ransomware, first identified a week ago, originated in Ukraine and spread to systems across the world, including India.
While the intelligence officials are still attempting to unearth the source of the malicious attack that took down key global systems, it is believed that a malicious update issued by M E Doc was behind spreading some of the initial infections. However, the owners of the software have denied the charges. It was last week that Ukraine blamed Russia for carrying out the attack with the purpose of creating chaos and panic. The SBU, Ukraine’s state security service, claimed that the attack was carried out by the same hackers who attacked the country’s power grid in December a year ago.
The Ukrainian police’s move to seize the servers came after cybersecurity investigators discovered further evidence that the attack had been planned months in advance by hackers who had inserted a vulnerability into the M E Doc programme, Reuters reports. Security software firm ESET discovered the vulnerability, and its researchers revealed that they found a backdoor written into some of M E Doc’s software updates, which allowed hackers to enter companies’ systems undetected.
The researchers further said that the hackers likely had access to M E Doc’s source code since the beginning of the year, allowing for a well-planned attack. Oleg Derevianko, board chairman at Ukrainian cyber security firm ISSP, said that an update issued by M E Doc in April delivered a virus to the company’s clients which instructed computers to download 350 megabytes of data from an unknown source on the internet. This virus then exported 35 megabytes of company data to the hackers, allowing hackers to potentially exfiltrate anything from bank emails to user accounts and passwords.
Once the infiltration is done, the ransomware infects the user’s system by encrypting the hard drive and denying the user access to the system, rendering the computer unusable until the $300 ransom is paid. Although the M E Doc accounting software is little known outside the country’s accounting circles, it is used by around 80 percent of companies in the country.
Meanwhile, to help businesses victimized by the malware attack, Ukraine extended its state tax deadline by one month. The government said it would submit a draft law to the parliament for extending the tax deadline to July 15 due to the attack.