Officers from the cyber crime department have detained a male resident of the town of Nikopol, the Dnipro region, who they believe has been involved in disseminating the computer virus called Petya.A and infecting about 400 computers.
Ukrainian police determined that a 51-year-old Nikopol resident posted on some file hosting services (cyber lockers) and social networking sites a video footage containing a detailed guide to running the Petya.A virus on computers, the Ukrainian cyber police said in a statement on its website.
In his comment under the video, the suspect posted a hyperlink to his page on a social networking website, where he had uploaded the virus, which he disseminated among Internet users, police said.
The cyber police obtained an appropriate warrant and searched the suspect’s home where policemen seized computer equipment which they say was used to disseminate the computer virus called Petya.A. Besides, the cyber police officers found files containing malware in the place. Police said later that the malware was similar to the Petya.A virus.
“The man explained to policemen that after the June 2017 hacker attack, he moved to upload the virus onto his account on a file hosting server. He then uploaded onto his blog the link to the file, leaving comments under the free-to-access video. Cyber police field operatives found that the virus had been downloaded by internet users onto their computers about 400 times. Thus the users had infected their own hardware with the Petya.A virus,” police said in the statement.
Police also exposed a list of companies that had decided to benefit from a nationwide cyber attack and deliberately downloaded the virus on their devices trying to conceal their criminal activities or evade paying fines to the state and measures are being taken to prosecute these companies’ executives, it said.
The hardware seized from the suspect has been sent for forensics. The pretrial investigation is under way under the Ukraine Criminal Code article of “unauthorized interference with the operation of computing systems.” The suspect has yet to be officially notified of the suspicion, it said.
As reported earlier, a massive cyber attack involving the malware called ‘Petya.A’ took place on June 27. After that, Ukraine’s National Police received more than 2,100 reports about computer networks being infected with crypto ware. In total, 420 formal complaints were filed, including 309 from the country’s private sector and 111 from state organizations. The complaints prompted criminal proceedings launched under the Ukrainian Criminal Code article on “unauthorized interference with the operation of computing systems, automated systems, computer networks or electric communication networks.”
The Ukrainian cyber police attributed the cyber attack’s massive scale to the fact that it involved an unauthorized use of the M.E.Doc financial reporting program, which is the most popular in the country.
The National Police cyber crime department predicts that another cyber attack may be launched on August 24, the Ukrainian Independence Day.