Police seize servers of Ukrainian software firm over last week’s global cyber attack

05 Jul 2017

Ukrainian police on Tuesday seized servers of an accounting software firm on suspicion of spreading a malware virus, which crippled computer systems at major companies around the world last week, according to a senior police official.

According to Serhiy Demedyuk of Ukraine's Cyber Police, who spoke to Reuters, the servers of M.E.Doc, Ukraine's most popular accounting software, were seized as part of an investigation into the attack.

Though the police had not yet been able to identify the party behind last week's attack, Ukrainian intelligence officials and security firms said some of the initial infections were spread via a malicious update issued by M.E.Doc, a claim the company's owners denied.

Premium Service, which claims to be an official dealer of M.E.Doc's software, said in a post on M.E.Doc's Facebook page that masked men were searching M.E.Doc's offices. It added that the software firm's servers and services were down.

According to Cyber Police spokeswoman Yulia Kvitko, investigative actions were continuing at M.E.Doc's offices, and further comment would be made today.

The police move came after cyber security investigators uncovered additional evidence yesterday that the attack had been planned months in advance by highly skilled hackers, who they said had inserted a vulnerability into the M.E.Doc programme.

According to commentators, the hackers behind the attack might still be working on further attacks.

Kvitko suggested in a series of messages that M.E.Doc had sent or was in the process of sending a new update, and added that the swift action had prevented any further damage.

"Our experts stopped [it] on time," she said, www.ibtimes.co.uk reported.

In an intriguing development, the bitcoin wallet linked to the hackers who masterminded the outbreak was emptied around the same time as the police announcement.

Meanwhile, Kaspersky Lab researcher Aleks Gostev tweeted that some of the digital currency had been sent to text storage sites.