The Ukrainian authorities have seized equipment from the online accounting firm MeDoc which is suspected to have had a significant role in the recent NotPetya attack.
The Ukraine’s cyber police have seized the servers after detecting a new suspicious activity, the seizure is containment measure that was adopted to “immediately stop the uncontrolled proliferation” of malware.
According to the Associated Press’s Raphael Satter that quotes the Cyberpolice spokesperson Yulia Kvitko, the company’s systems had either sent or were ready to send out a new update that might have been compromised by hackers.
“Tax software firm M.E. Doc was raided to “immediately stop the uncontrolled proliferation” of malware. In a series of messages, Cyberpolice spokeswoman Yulia Kvitko suggested that M.E. Doc had sent or was preparing to send a new update and added that swift action had prevented any further damage.” states the AP. ““Our experts stopped (it) on time,” she said.”
MeDoc technical staff provided its equipment to the Ukraine Cyberpolice to allow further detailed analysis. While the Ukraine Cyberpolice is investigating the case, the authorities urge people stop using the MeDoc application. The experts suggest turning off any computers running the MeDoc software, change their login credentials and get new digital signatures.
Back to the NotPetya massive attack, Kaspersky Lab analyst Aleks Gostev confirmed that alleged attackers cash out the sum paid by the victims, the Bitcoin collected in the original attack has been withdrawn.
— codelancer (@codelancer) July 4, 2017
Roughly 3.96 Bitcoin ($10,382) was withdrawn from a wallet linked to NotPetya attack early on Wednesday morning.
Haha the first Petya BitCoin transaction was to @pastebin for a Pastebin Pro account.
— Beaumont Porg, Esq. (@GossiTheDog) July 4, 2017
— petya_payments (@petya_payments) July 4, 2017
The AP closed its post reporting that Infrastructure Minister Volodymyr Omelyan told it his department had incurred “millions” in costs, with hundreds of workstations and two of its six servers knocked out.
(Security Affairs – MeDoc, NotPetya)