Video has emerged of a Ukrainian police raid Tuesday at M.E. Doc, the software firm whose servers have been linked to a series of devastating malware attacks around the world, including the NotPetya attack one week ago.
Carrying shotguns and assault rifles, Ukraine’s state security service (SBU) stormed M.E. Doc’s offices in full combat gear before seizing servers suspected of spreading NotPetya and other malware. The raid was first disclosed on Facebook by Premium Services, the official dealer of M.E. Doc’s software.
Authorities believe hackers inserted a vulnerability into M.E. Doc’s software, which was then propagated to its customers during an update in mid-April. The update created a “backdoor” in their systems through which the malicious code was spread.
According to Reuters, M.E. Doc’s software is used by roughly 80 percent of Ukrainian companies.
When your incident response team shows up with shotguns to hunt Malwares. https://t.co/zQGXwFVZwe
— Matthieu Suiche (@msuiche) July 5, 2017
Analyses of the NotPetya outbreak last week found that it was not ransomware, but merely disguised as such. The virus has been categorized instead as a “wiper,” meaning the attack was not financially motivated but meant to permanently destroy the infected systems.
Ukrainian politicians have openly pinned the attack on the Russian government. The Kremlin has called the charges “unfounded blanket accusations.”