Police raid Ukrainian software firm tied to global cyberattack

Police raid Ukrainian software firm tied to global cyberattack
© Getty Images

A Ukrainian police official says that authorities have raided the accounting software firm said to be tied to the global spread of a destructive computer virus last week.

Serhiy Demedyuk, who leads Ukraine’s cyber police, told Reuters that authorities seized the servers of Ukrainian accounting software firm MEDoc on Tuesday as part of the investigation into the spread of a variant of ransomware known as Petya.

Cybersecurity experts have increasingly pointed to the accounting firm as the original infection point, or “patient zero.” They say that the company’s software was likely targeted by hackers and that it pushed out malicious updates to users, facilitating the spread of the malware.


Ukraine's cyber police chief said earlier this week that the company was warned repeatedly about the security of its IT infrastructure but did nothing to remedy it and would face charges as a result.

“They knew about it,” Demedyuk told The Associated Press. “They were told many times by various anti-virus firms. ... For this neglect, the people in this case will face criminal responsibility.”

On Wednesday, the company said that computers using the software had been compromised by a “back door” installed by hackers during the attack.

“There was a hacking of servers," said Olesya Bilousova, chief executive of the company Intellect Service that developed the software.

“As of today, every computer which is on the same local network as our product is a threat. We need to pay the most attention to those computers which weren’t affected [by the cyberattack],” Bilousova said. “The virus is on them waiting for a signal. There are fingerprints on computers which didn’t even use our product.” 

The malware broke out last Tuesday, with reports of infections first emerging from Ukraine, including the country’s government. It later spread to organizations in Europe and the United States. 

Companies such as shipping giant Maersk Group have begun to show signs of returning to normal operations after the cyberattack.

A growing chorus of security experts have concluded that the malware was disguised as ransomware but actually designed as a “wiper” — a virus meant to destroy data, rather than hold a computer hostage for financial gain.

Ukraine has pointed the finger at Russia for the cyberattack, though cyber experts say it's too early to tell if Moscow was behind the malware.