Reportage from Social Networks v6: What is known about the Ukrainian company which is involved in sending virus Petya.A
This is a partial analog of "1C", and he is regarded as a lever in the political game.
Residents of Kiev, near private Ukrainian bank, which used the program MEDoc. photo by Getty
June 27,2017, extortionist-virus Petya.A (other names - NotPetya and WannaCry-2) hit computers Ukraine, Russia, Poland, France, Germany and Spain. The program has blocked information on computers and demanded a ransom of Bitcoin equivalent to 300 dollars (about 17 700 rubles at current exchange rate).
Ukrainian authorities and experts of IT-companies have seen a potential culprit in the spread of the virus Ukrainian companies MEDoc - the creator of the popular in the country of the same name by docks program.
July 5 The Company recognized that the program really hacked Petya.A virus, which is then spread further through it. IT-industry experts saw in this situation is not just the work of hackers who tried to get hold of on the cyber attack, and possible political confrontation, which became an instrument MEDoc.
What do the Ukrainian authorities
According to the data of Postal and Telecommunications Ukraine, virus attack started because of a vulnerability in the new version MEDoc program you download a lot of commercial and state structures.
The representative of Postal and Telecommunications said that the department has received 1500 complaints against the virus from Ukrainian companies, after which the authorities opened 23 criminal cases against unidentified persons. Microsoft has confirmed the involvement MEDoc to the spread of the virus.
July 1, 2017 the Ukrainian Security Service (SBU) has accused Russian secret services of involvement in the cyber attack. After consultation with the international security companies security services decided that the attack should group that in 2015-2016 attacked the financial system, the objects of transport and energy of Ukraine and Trojans TeleBots Blackenergy.
According to the SBU believe that a cyber attack took place in several stages on the eve of the Constitution Day of Ukraine (28 June) to further destabilize the political situation in the country.
On July 4, Postal and Telecommunications Ukrainian Sergey Demidyuk threatened development company MEDoc criminal case for the possible spread of the virus Petya.A. According to the head of the security services, the company knew about the threat of virus contamination of their systems, but took no action.
July 5, Minister of Internal Affairs of Ukraine Arsen Avakov told about yet another hacker attack on the country's server. It started the day 4th of July and lasted for about three hours, then the special services managed to repulse the attack. According to the official, the attack came from MEDoc servers. Later SBU representative said that the NATO leadership has provided special services equipment to deal with future cyber attacks.
Apparently, after a new attack Demidyuk decided to threaten the company's criminal case. In addition, the day of the attack, the company re-author MEDoc seized servers. Now the site MEDoc unavailable.
What do IT-company and outside experts
Officially, no country took responsibility for the spread of the virus. NATO Experts believe that the theory of the attack can be power. Analysts DrWeb company confirmed that it MEDoc program has caused mass infection Petya.A virus.
The same day the developer of antivirus ESET equipment issued a report on how the cipher spread through the automatic update MEDoc. The document says that the program has spread version of the vulnerability, which took advantage of the virus, with April 2017. Since then, experts have recorded two more updates from a hole in the defense, including in the version June 22 - just five days before the hacker attack.
Experts "Kaspersky Lab", in contrast to the experts of other IT-companies, not linked with Ukrainian Petya.A program. The company said that based on the preliminary investigation, the hacker technique resembles the technique of hackers BlackEnergy groups.
US security expert Dzhonatan Nikols thinks that a viral attack was not necessarily sanctioned by a State.
What they say in MEDoc
On the first day of the charges the company's representatives rejected any involvement in the spread of Petya.A. According to their words , to update MEDoc of June 22, it was not security vulnerabilities and viruses (this statement is contrary to investigate ESET). The company stressed that also suffered from hacker attacks and from the first day of the investigation provided the logs and backup servers to special services.
June 30 co-founder MEDoc Olesya Linnik told that none of the victims of the virus has not provided the company an infected file comes from ME Doc servers. The company also attracted to the investigation of a third party - the US transnational company-razrabotchitsy Cisco networking equipment. Linnik criticized and Microsoft article about the involvement of the program to attack.
The article does not show the way the original system infection. MEDoc program, like any other, in his work uses many Windows system libraries, that could very well be infected earlier. Thus, the only thing that is shown in the article - is that it is running on a previously infected computer and, accordingly, she was subjected to contamination.Olesya Linnik, co-founder MEDocMEDoc program - a local product, which is used only in Ukraine, and the virus swept more 64 countries. In our country has suffered 12 500 companies and users in the program about a million. That is, if the reason was we would have covered all.
Possible link Russia with the virus
For the first time a theory about the involvement of Russian hackers to attack Petya.A expressed general director of online store Rozetka Vladislav Chechetkin. According to him, the program MEDoc large companies "lectured" the former Minister of income and charges of Ukraine Alexander Klimenko. Ex-official who now criticize the country's leadership, and providing humanitarian assistance to the Donbass, has rejected accusations of imposing ME Doc.
MEDoc - is not the first technology company that, according to the Linnik, was a party to the political clashes. June 1 SBU told about the illegal traffic routing Crimean provider «Wnet Ukraine", whose services are used by service MEDoc. According to intelligence agencies, a provider of management funneling network segment in a fictitious company, behind which stood the FSB.
Employees of the Russian authorities allegedly illegally tried to take over customer data «Wnet Ukraine" through the equipment providers. Now in the case there is a consequence. If it is to the court, the management provider faces up to five years in prison for collaborating with the FSB.
Linnik confirmed that her company used the «Wnet Ukraine", but did not bind provider searches on charges of spreading the virus.
Thank you for Attention