Police in Ukraine have arrested a 51-year-old man in connection with spreading the notorious Petya ransomware earlier this summer.
In their statement, the Ukraine Cyberpolice did not say that the man was accused of creating Petya, only that he allegedly helped spread it. The June outbreak of ransomware connected to Petya was centered in Ukraine, and most of its corporate victims were in that country. The ransomware in that campaign, known as NotPetya, also had the ability to wipe the master boot record on infected machines and could spread over networks.
Ukrainian officials searched the residence of the suspect arrested this week and said they found computers that were used to help spread Petya.
“Employees of the department combating cybercrime in the Chernigov region Kiev Office kiberpolitsiyi Department kiberpolitsiyi emergency Ukraine established a 51-year resident of Dnipropetrovsk (m. Nikopol), which is on file exchange and social channels on the Internet posted a video detailing how you can run a virus «Petya.A» on computers. In the video komentaryahi man placed a link on his page in the social network, which he downloaded the virus itself and its distributed Internet users,” the translated version of the Ukraine Cyberpolice statement said.
“At the place of residence of the attacker, cyber police officers conducted an authorized search. In particular, as a result of the search police seized computer equipment through which spread a computer virus called «Petya.A».”
Officials say about 400 computers in Ukraine were infected with Petya.
The Petya ransomware has been circulating in various forms since early 2016. It normally is spread through spam emails with infected attachments, but in the most recent campaign that hit businesses in Ukraine, the United States, and other countries in June, the malware included exploit code for a Windows vulnerability and had the ability to spread across networks. Security researchers and analysts said that version of Petya likely was the work of government-backed attackers.
“NotPetya was probably launched by a state actor or a non-state actor with support or approval from a state. Other options are unlikely. The operation was not too complex, but still complex and expensive enough to have been prepared and executed by unaffiliated hackers for the sake of practice. Cyber criminals are not behind this either, as the method for collecting the ransom was so poorly designed that the ransom would probably not even cover the cost of the operation,” an analysis by NATO said.
The Ukraine Cyberpolice said the investigation into the unnamed suspect arrested this week is continuing, including a forensic analysis of the seized computers.