Ukraine Police Seize Servers Of Accountancy Software Firm To Stop NotPetya

Roland Moore-Colyer,
NotPetya

Intellect Services denies any role in the spread of NotPetya

Servers belonging to an accountancy software firm in Ukraine have been seized by the nation’s police following suspicions that the company, Intellect Service, had helped spread the NotPetya cyber attack

Intellect Service has denied that its software MeDoc had helped spread the cyber attack, which first appeared to be ransomware, around Ukraine and then on a worldwide scale.

However, security experts have uncovered signs that some of the initial infections of NotPetya were spread through a malicious update to Intellect Service’s MeDoc systems.  

Stopping the spread of NotPetya 

ransomwareA translated statement from Ukrainian law enforcement officials noted the servers were sized to stop the “uncontrolled proliferation” of NotPetya, and said that the MeDoc servers were due to push out another software update; it is not clear if that update would have contained malware or not. 

It is likely that the MeDoc servers were hacked through the exploitation software vulnerability that had not been patched, and then used as an attack vector for NotPetya, rather than Intellect Service intentionally spreading the malware. 

However, according to the Associate Press agency, under the MeDoc brand Intellect Services had released a statement acknowledging it had been hacked then deleted the statement, and branded allegations that it had been the propagator of NotPeya as “clearly erroneous” though ot noted it was working with authorities to tackle the outbreak. 

Colonel Serhiy Demydiuk, hed of Ukraine’s cyber crime unit noted that Intellect Service had known about the infection. 

“They knew about it,” he told  Associated Press. “They were told many times by various anti-virus firms. … For this neglect, the people in this case will face criminal responsibility.”

The nation, gropu or peole behind NotPetya have yet to be idintified, though Ukranine has accused Russia od sponsering the attacks, something the nation has denied. 

The only activity on the hackers side of things has been the extraction of the Bitcoins in a the wallet they had used to accept ransom payments, though it is unlikely that the people who made the payments will see their data released from the ransomware, as NotPetya contains code that pretty much wiped compromised data rather than locks it. 

As such, NotPeya appears to have the potential to cause even more chaos than the WannaCry ransomware if it continues to spread. 

Quiz: Test your knowledge on cyber security in 2017