Police in combat gear seized computer servers of the software firm in Kyiv that supplies Ukraine's most widely-used tax and accounting programs -- believed to be the source of the ransomware named “NotPetya” that infected computer systems worldwide beginning June 27.
On Tuesday, July 4, employees at the main office of M.E.Doc stood by calmly as officers carrying assault weapons and clad in camouflage gear carted away the computer equipment.
A police spokesman said on Wednesday, July 5, that the raid prevented a second wave of viruses. He added that investigators had already found "evidence of Russian presence on these servers," but he gave no further details. Ukraine has blamed the Kremlin for the cyberattack, but Russia has denied any involvement.
M.E.Doc ("My Electronic Document") denied any connection to the malware that paralyzed government and business computer networks in Ukraine and more than a dozen other countries. However, the company admitted Wednesday, July 5, that hackers initiated a "backdoor" attack on its servers and that was the inadvertent source of the malware.
The cyberattack is estimated to have caused millions of dollars in damage to the infected networks, and some victims have not yet been able to regain access to their data.
Olesya Bilousova, chief executive of Intellect Service which developed M.E.Doc accounting software, told reporters that the risk is still there, and that any computer on a network that has used the tax and accounting software remain vulnerable to attack. "We need to pay the most attention to those computers which weren't affected [last week]," she said.
"The virus is on them, waiting for a signal," Bilousova said. "There are fingerprints on computers which didn't even use our product."
|Image by: Qypchak / Wikimedia Commons|