Ukraine's cybercrime division recently seized the servers of Intellect Service, an organization which supposedly develops and sells accounting software under the names M.E.Doc and IS-pro, but which is suspected of spreading malware and viruses that crippled the systems and IT infrastructure of major companies around the world.
It has not yet been established who was actually behind last week’s malware attack, but the police seized the servers for an initial investigation because they have clear evidence that the malware proliferated and spread through an update issued by M.E.Doc. The owners of the company are still in denial about the strong possibility that their company’s resources or software could have been used as a medium to spread the destructive malware.
How the hackers were able to hold on to the company’s confidential credentials and keep unfettered access to M.E.Doc’s servers, however, remains a matter of suspicion. The software firm is currently the main focus of cyber security experts, white hat hackers and researchers in the country, since it has been identified as the ‘epicentre’ of the infamous Petya malware, which severely affected the IT infrastructure of airports, gas stations, hospitals and banks in the country.
So far the company has not responded appropriately to the media, but it is defending itself against allegations that its poor online security let the hackers breach its servers and helped to spread the malware epidemic.
According to Cyber Police Chief Col. Serhiy Demydiuk, the owners of M.E.Doc would face justice; no arrests have been made so far.
Still, a lot of suspicion surrounds this matter: just after the police announced the raid, the bitcoin wallet associated with the hackers was emptied. Nothing can be said for sure, however, as it could be a well-planned decoy tactic to point all the evidence and forthcoming actions towards the company and its owners.
ESET Antivirus Officials Take On The Matter
According to @virustotal at this moment only @ESET detects MSIL/TeleDoor.A backdoor that was used to spread Petya malware in Ukraine pic.twitter.com/TtCwE8zqq3
— Anton Cherepanov (@cherepanov74) July 4, 2017
Anton Cherepanov, Senior Malware Researcher at ESET, said, “It’s highly unlikely that attackers could do something like this and get backdoor access to the software without having access to M.E.Doc’s source code. This seems to be a thoroughly well-planned and well-executed operation.”
Kaspersky Lab’s Take On The Incident
Aleks Gostev, a senior researcher at Kaspersky Lab, tweeted that some of the digital currency had also been sent to text storage sites. Previously they had also acknowledged that “they haven’t seen a ransomware like this”.
The latest from @kaspersky researchers on #Petya: it’s actually #NotPetya pic.twitter.com/uTVBUul8Yt
— Kaspersky Lab (@kaspersky) June 27, 2017
Ukraine's authorities are still investigating the magnitude of the event and the total damage incurred so far.
Ukrainian analysts have termed this malware epidemic a nation-state attack and believe that it was carried out to destabilize the country in the worst way possible.