A Ukrainian tax software company has denied that it was hacked and used to kick-start yesterday’s global cyber-attack
The company, MeDoc, has been pinpointed by some experts as the potential source of the ‘ransomware’, designed to cripple systems and encrypt data, unless a ransom is paid.
The attack hit the Ukrainian government, its utilities and air services along with Russian oil giant Rosneft, British advertising firm WPP and US law firm DLA Piper. Even operators at the Chernobyl nuclear power plant were forced to switch to manual radiation monitoring by the ransomware attack.
Ukraine’s deputy prime minister Pavlo Rozenko tweeted [in Ukrainian] that all of the country’s government computers were affected.
The claims had suggested that a recent software update had been hacked and used to spread the malicious software code. A news update on MeDoc's website yesterday said [translated by Google]: ‘Our server made a virus attack.’
However, an update on MeDoc’s Facebook page [translated by Google] said the 22 June update contains no viruses. ‘We can say that MeDoc system users cannot infect your computer with viruses at the time of the update program.’
The software that spread the attack is called ME.Doc and is used for submitting tax reports and filing with the Ukrainian tax authority. MeDoc sent out what was ostensibly a routine update on the morning of 26 June 2017, connecting every computer on which it was installed and infecting them.
The ransomware denies access to files on infected computers and demands victims make a payment of $300 (£235) in Bitcoins, although some media outlets are now reporting the payments do not appear to go anywhere.