Official: Ukraine firm at center of cyberattack was warned
KIEV, Ukraine — The small Ukrainian tax software company that is accused of being the so-called patient zero of a damaging global cyber epidemic is under investigation and will face charges, the head of Ukraine’s CyberPolice suggested Monday.
Col. Serhiy Demydiuk, the head of Ukraine’s national Cyberpolice unit, said that Kiev-based M.E. Doc’s employees didnot act on repeated warnings about the security of their information technology infrastructure.
“They knew about it. Theywere told many times by various anti-virus firms,” he said. “For this neglect, the people in this case will face criminal responsibility.”
Demydiuk and other officials say last week’s unusually disruptive cyberattack was mainly spread through a malicious update to M.E. Doc’s eponymous tax software program, which is widely used by accountants and businesses across Ukraine.
The malicious update, likely planted on M.E. Doc’s update server by a hacker, was then disseminated across the country before exploding into an international epidemic of data-scrambling software that Ukrainian and several other multinational firms are still recovering from.
M.E. Doc initially denied playing any such role in the malicious software’s spread but later deleted the statement from Facebook.
The company, which says it’s cooperating with authorities, has not returned messages seeking comment.
Ukrainian authorities have blamed Russia for masterminding the outbreak, although several independent experts say it’s too early, based on what’s publicly known, to come to any firm conclusions. Ukraine has repeatedly come under fire from high powered cyberattacks tied to Moscow.