Petya - NotPetya: Ukrainian police released a video on YouTube showing the raid on the MEDoc software company, whose systems were linked to the Petya (NotPetya) ransomware attacks.
The malware had recently infected computers at many major companies around the world. On July 4, police from a Ukrainian cybercrime unit raided the software development company "Intellect Service", based in the capital, Kiev, and confiscated its servers, which hackers had used to spread the ransomware (ExPetr, PetrWrap, Petya, NotPetya).
Researchers from security firm ESET discovered hidden malicious code in the MEDoc software update, according to THN. The malicious code was reportedly injected by an unknown hacker or group of hackers in mid-April by exploiting a vulnerability. The malicious upgrade was designed to install a backdoor and give attackers unauthorized remote access. It was then delivered as an update to nearly 1 million computers belonging to the Ukrainian company's client companies.
The researchers explain that the backdoor installed on the company's computers was designed to allow the hackers to execute various commands remotely and to install further malicious programs, which were used to carry out the global attacks with the WannaCry ransomware.
The company denied that its servers had been hacked, but several researchers, including Microsoft, accused the company of being "patient zero", the point from which the NotPetya attack originated.
In addition, the investigation into Petya found that NotPetya is not ransomware. Instead, it is destructive malware designed to destroy all files on targeted systems, forcing organizations to halt their activities.
The Ukrainian authorities recommend that MEDoc's customers stop using the company's accounts until the next.
Ukraine believes that Russia is behind the attack and is trying to shut down critical state businesses, such as the airport, local subway, and hospitals.