Petya Cyberattack Update: Ukrainian Arrested For Spreading Malware
Law enforcement in Ukraine have arrested a person accused of helping spread the Petya malware attack that infected thousands of computer systems within the country and around the world earlier this year, ZDNet reported.
The individual has not been named by the authorities but has been identified as a 51-year-old Ukrainian national from the city of Nikopol. The Ukrainian cyber policy agency arrested the person this week after raiding the accused attacker’s home.
According to a statement provided to ZDNet, the Ukrainian police said they were able to seize computers from the alleged attacker’s home that were used to aid in the spread of the Petya malware attack.
The police reported that the arrested party admitted to uploading the malware to a file-sharing account and sharing a link to download the malicious software, along with instructions on how to use it, on his blog.
The malware was downloaded more than 400 times, including by several companies that intended to use Petya to “conceal criminal activity” and “evade payments” to the nation’s government, according to the police.
While the Ukrainian authorities have associated the arrested party with the spread of Petya, it is not clear if they consider the individual a formal suspect in the cyberattack that spread the malware to computer systems around the world in June.
Petya was one of the more complex cyberattacks to hit this year, coming just one month after the ransomware attack known as WannaCry infected more than one million machines in more than 150 countries in May.
Petya initially appeared to be another ransomware attack, presenting users of infected machines with a screen that informed them their files had been encrypted and demanded they pay $300 in cryptocurrency in order to regain access to the machine.
However, it was quickly discovered Petya had more malicious intentions than a standard ransomware attack designed to generate revenue for attackers. In reality, Petya was a wiper—an attack designed to delete files and destroy computer systems.
Petya managed to spread to more than 12,500 machines in Ukraine and hit machines in more than 60 countries around the world. Its initial target is believed to have been M.E.Doc, a Ukrainian company that develops and publishes tax accounting software.
The attack hit the software supply chain of the company’s tax software MEDoc. The software's updater process carried malicious code to thousands of machines, where it was executed and continued to spread the infection through other networks.
Ukrainian officials immediately pointed fingers at Russia for the attack, likely based on the country’s history of attacking Ukrainian organizations. A spokesperson for the Russian government dismissed the claims at the time and called them “unfounded blanket accusations.”