Ukrainian police have seized the servers of the firm that created MeDoc accounting software on suspicion that the company unwittingly helped spread NotPetya malware.
Col. Serhiy Demydiuk, head of Cyberpolice Ukraine, confirmed on 3 July 2017 that Intellect Service is under investigation. The officer said Ukraine’s police is looking into the company after it failed to heed several warnings about the digital security of its software infrastructure. As quoted by the Associated Press:
“They knew about it. They were told many times by various anti-virus firms. … For this neglect, the people in this case will face criminal responsibility.”
Intellect Service is the maker of MeDoc, Ukraine’s most popular accounting software. Cyberpolice Ukraine and others believe someone hacked MeDoc’s update server and abused that access to push out an update laden with NotPetya malware. On 27 June 2017, this wiper software struck power plants, airports, and government agencies in Ukraine before spreading to other multinational firms that also use MeDoc.
Cyberpolice have preliminarily established that the first virus attacks on Ukrainian companies may have arisen through vulnerabilities in the M.E.doc software. pic.twitter.com/MXV7ODtaoM
— Cyberpolice Ukraine (@CyberpoliceUA) June 27, 2017
In the immediate aftermath of the attack, Intellect Service acknowledged that someone had hacked its server. But it retracted its statement. Not long thereafter, it framed a new stance on Facebook, claiming that any reports that it had helped spread NotPetya were “clearly erroneous”.
The company appears to be sticking with its account of non-involvement. Olesya Linnik, managing partner at Intellect Service, said as much to Reuters in an interview. As quoted by BBC News:
“What has been established in these days, when no one slept and only worked? We studied and analysed our product for signs of hacking – it is not infected with a virus and everything is fine, it is safe. The update package, which was sent out long before the virus was spread, we checked it 100 times and everything is fine.”
Microsoft, Symantec, and other security firms say differently. They claim to possess logs that prove MeDoc was the source of the wiper campaign.
According to Cyberpolice Ukraine, the father-and-daughter team that runs Intellect Service could face criminal charges if investigators determine the family knew about an infection that pushed out NotPetya but did nothing to address it.