Sergey Neverov, a 51-year-old man, has been arrested, on Saturday 5 August, by Ukrainian Cyber Police on accusations of distributing a version of the NotPetya(Petya.A) ransomware after the initial attack event of late June.
The man has two sons and he is resident in the southern city of Nikopol in Ukraine, he is a YouTube video blogger that public reviews about computer hardware and gadgets.
Authorities say that suspect uploaded a copy of the NotPetya executable on a cloud file sharing and delivered the ransomware via his social media account. Neverov has infected at least 400 computers in Ukraine and he is also suspected to have helped some Ukrainian companies as a way to getting a tax reporting delay. But they did not know whether he has done it directly or indirectly.
June 30th, was the deadline in Ukraine for filing tax returns, in that time NotPetya attack infected many victims in Ukraine, many of which lost the access to their sensitive files and documents. Companies that were infected by the virus were unable to submit tax reports on time and liable for paying huge fines for late submissions, Nina Yuzhanina (Head of the parliamentary committee on tax and customs), through a post on his Facebook profile, gave affected taxpayers some comfort extending the last date to 31st December, 2017.
Therefore, police believe that some companies used the malware sample spread by Neverov to infect their system and postpone the payment of the taxes on time as well as late tax return penalty
Neverov got curious about the ransomware and started studying the way it works and how to recover infected files without paying ransom to the attackers. He downloaded a sample of NotPetya ransomware from the Internet and tested it on his computer.
“In fact, while recording a video of the NotPetya infection to demonstrate its impact on a targeted computer, he failed two times in infecting his own computer.
When succeeded in the third attempt, Neverov uploaded the copy of NotPetya malware on file hosting website and shared the link on his social media account just for the informational purpose, saying “use at your own risk.”
Moreover, it is important to note that Neverov would not be gaining any profit by distributing the ransomware because of NotPetya has been designed to blackmail victims into paying ransom amount to a specific Bitcoin address that belongs to the original attackers only.”Mohit Kumar says is his article.
Neverov never tried to hide his identity, and even in some of his videos, he revealed his face and shared the exact GPS location to his house in Nikopol on Facebook, which suggests that he had nothing to hide, neither his intentions were wrong.
If found guilty, the man could face a prison sentence of up to three years. In previous official statements, with the charge “Unauthorized interference with the work of electronic computing machines (computers), automated systems, computer networks or telecommunication networks, …which led to the leak, loss, fake, blocking information, distortion of the information processing or violation the established order it’s routing.”.
Both cases are unbelievable.
Written by: @GranetMan
Granet is a young and Junior IT Security Researcher, he is passionate in Linux, Arduino, Digital Forensics, Cyber Security, Free software and Malware Analysis
(Security Affairs – ransomware, NotPetya)