Ukrainian tax software blamed for spread of new cyber virus

Technology > Security

National police and international cyber experts said the June 28 cyber attack that crippled thousands of computers across continents was believed to have been caused by a virus in Ukraine.

 Security firms including Microsoft, Cisco's Talos, and Symantec said that they had confirmed some of the initial infections occurred when malware was transmitted to users of a Ukrainian tax software program called MEDoc.  However, the supplier of the said software denied in a post on Facebook that its software was to blame, although Microsoft reiterated its suspicions afterwards.

 "Microsoft now has evidence that a few active infections of the ransomware initially started from the legitimate MEDoc updater process," it said in a technical blog post.

 A number of international firms hit have operations in Ukraine.  Shipping giant A.P. Moller-Maersk, which handles one in seven containers shipped worldwide, has a logistics unit in Ukraine.  Maersk was one of the first global firms to be taken down by the cyber attack; and its operations at major ports such as Mumbai in India, Rotterdam in the Netherlands, and Los Angeles in the US West Coast were disrupted.

 Russian security firm Kaspersky said that a Ukrainian news site for the city of Bakhumut was also hacked and used to distribute the ransomware to visitors, encrypting data on their machines.

 The malicious code locked machines and demanded victims to post a ransom worth $300 in bitcoins or lose their data entirely, similar to the extortion tactic used in the global WannaCry ransomware attack in May.

 Ukraine, the epicenter of the cyber strike, has repeatedly accused Russia of orchestrating attacks on its computer systems and critical power infrastructure since its powerful neighbor annexed the Black Sea peninsula of Crimea in 2014.

 The Kremlin consistently rejected the accusations and said on Wednesday, June 28, that it had no information about the origin of the global cyber attack, which also struck Russian companies such as oil giant Rosneft and a steelmaker.  "No one can effectively combat cyber threats on their own, and, unfortunately, unfounded blanket accusations will not solve this problem," said Kremlin spokesman Dmitry Peskov.

 ESET, a Slovakian company that sells products to shield computers from viruses, said 80 percent of the infections detected among its global customer base were in Ukraine, with Italy being the second hardest-hit at roughly 10 percent.

 While the malware seems to be a variant of past campaigns, derived from code known as Eternal Blue which is believed to have been developed by the US National Security Agency (NSA), experts said it was not as virulent as May's WannaCry attack.



Photo By: Geralt / Pixabay