Ukraine’s police recently raided and seized servers of software company M.E. Doc after concerns that cybercriminals might still have access to the company’s servers and be planning another attack, similar to NotPetya (also known as GoldenEye, ExPetr, PetrWrap, Petya and Diskcoder.C).
In an effort to “immediately stop the uncontrolled proliferation” of malware, the National Police of Ukraine and the Security Service of Ukraine have kept a close eye on M.E. Doc – the company identified as originally spreading the NotPetya threat. They had reason to believe that a new update pushed by the company could again be used by cybercriminals to spread malware.
The official statement says that all equipment will be sent for forensic analysis to identify how the malicious code was disseminated, and that the company’s staff has been helping the investigation. The announcement also states that the investigation is of strategic importance, as similar attacks could destabilize the country.
While there have been no arrests, authorities and officials have stated that perpetrators will be brought to justice. No estimate of the financial losses caused by the malware outbreak has been given; officials have used “millions” to describe the damages.
“Kiberpolitsiyi Department strongly recommends all users at the time of the investigation, to stop using the software ‘MEDoc’ and turn off the computer on which it is installed on the network,” reads the official police statement. “You must also change their passwords and electronic digital signatures, due to the fact that these data could be compromised.”
Ukrainian authorities have promised to offer regular updates regarding the investigation, including publishing instructions on how to identify signs of infection or backdoors on potentially affected computers.