Petya - NotPetya: Ukrainian police released a video on YouTube showing a raid on the software company MEDoc, whose systems were connected to the Petya (NotPetya) ransomware attacks.
The malware had recently infected computers at several major companies worldwide. On July 4, armed officers from the Ukrainian anti-cyber unit stormed the software development company "Intellect Service", based in the capital Kyiv, and seized its servers, which hackers had used to spread the ransomware (ExPetr, PetrWrap, Petya, NotPetya).
Researchers from security firm ESET discovered hidden malicious code in the MEDoc software update, according to THN. The malicious code was reportedly injected by an unknown hacker or group of hackers in mid-April by exploiting a vulnerability. The malicious software update was designed to install a backdoor and give attackers unauthorized remote access. It was then delivered as an update to nearly 1 million computers belonging to the Ukrainian company's client companies.
Researchers explain that the backdoor was designed to allow hackers to execute multiple remote commands and install further malware programs used to conduct the global attack with WannaCry ransomware.
The company denied that its servers had been compromised, but several investigators and even Microsoft accused the company of being "patient zero", from which the NotPetya attack began.
In addition, the investigation into Petya found that NotPetya is not ransomware. Instead, it is destructive malware designed to destroy all files on the targeted systems, forcing organizations to halt their operations.
The Ukrainian authorities recommend that MEDoc's customers stop using the company's accounts until the next.
Ukraine believes that Russia is behind the attack and is trying to shut down critical state operations such as the airport, the local subway, and hospitals.