Ukraine’s national cybercrime unit seized servers belonging to a small company at the center of a global outbreak of malicious software after “new activity” was detected there, the service said in a statement early on Wednesday. The announcement raised the possibility that the hackers behind last week’s wide-ranging cyberattack were still seeking to sow chaos.
Tax software firm M.E. Doc was raided to “immediately stop the uncontrolled proliferation” of malware. In a series of messages, Cyberpolice spokeswoman Yulia Kvitko suggested that M.E. Doc had sent or was preparing to send a new update and added that swift action had prevented any further damage. “Our experts stopped (it) on time,” she said.
It wasn’t immediately clear how or why hackers might still have access to M.E. Doc’s servers. The company has been the focus of intense attention from authorities and cybersecurity researchers since it was identified as the patient zero of the outbreak, which crippled computers at several multinational firms and knocked out cash machines, gas stations and bank branches in Ukraine.
The company has not returned messages from The Associated Press, but in several statements posted to Facebook it disputed allegations that its poor security helped seed the malware epidemic.
Cyberpolice chief Col. Serhiy Demydiuk previously told AP that M.E. Doc’s owners would be brought to justice, but Kvitko said there had been no arrests.
Adding to the intrigue, the bitcoin wallet linked to the hackers who masterminded the outbreak was emptied around the same time as the police announcement. Kaspersky Lab researcher Aleks Gostev said on Twitter that some of the digital currency had been sent to text storage sites, hinting at the prospect of some kind of a forthcoming statement.