Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Security Software Bitcoin Communications Privacy The Almighty Buck The Internet

Petya Ransomware Outbreak Originated In Ukraine Via Tainted Accounting Software (bleepingcomputer.com) 23

An anonymous reader quotes a report from Bleeping Computer: Today's massive ransomware outbreak was caused by a malicious software update for M.E.Doc, a popular accounting software used by Ukrainian companies. According to several researchers, such as Cisco Talos, ESET, MalwareHunter, Kaspersky Lab, and others, an unknown attacker was able to compromise the software update mechanism for M.E.Doc's servers, and deliver a malicious update to customers. When the update reached M.E.Doc's customers, the tainted software packaged delivered the Petya ransomware -- also referenced online as NotPetya, or Petna. The Ukrainian software vendor appears to have inadvertently confirmed that something was wrong when, this morning, issued a security advisory. Hours later, as the ransomware outbreak spread all over Ukraine and other countries across the globe causing huge damages, M.E.Doc denied on Facebook its servers ever served any malware. According to security researcher MalwareHunter, this is not the first time M.E.Doc has carried a malicious software update that delivered ransomware. Back in May, the company's software update mechanism also helped spread the XData ransomware.
This discussion has been archived. No new comments can be posted.

Petya Ransomware Outbreak Originated In Ukraine Via Tainted Accounting Software

Comments Filter:
  • How people wanted something more interesting to comment on?
    https://it.slashdot.org/story/... [slashdot.org]

    Its just ransomware, not some national cyber drama.
  • by Anonymous Coward on Tuesday June 27, 2017 @07:59PM (#54701785)
    Where's your "Total Cost of Ownership" now, Redmond?
    • Re: (Score:3, Informative)

      by Anonymous Coward

      The same place as "I'm a stupid moron who can't manage to install automatic security updates". They tend to congregate at the "I'm a stupid moron who can't correctly configure my OS and network infrastructure".
      Frankly I am still amazed that the ass hats running the extortion ring think Bitcoins cannot be traced. All it takes is doing something that catch the attention of the various intelligence agencies causing them to expend a little of their considerable resources to track down and eliminate these crimin

  • Let me guess, M.E.Doc opens a port that expects a certain protocol handshake, upon which an unsigned blob is downloaded then executed? An attacker could connect to any computer with the program installed, and send a malware payload.
    Either that or their GitHub equivalent was compromised (although given it's happened before, I'd bet on the former.)

  • "Back in May, the company's software update mechanism also helped spread the XData ransomware."

    Pardon me M.E.Doc but I think you left your backdoor open.

    • by rtb61 ( 674572 )

      Far more likely to be an insider job. Ukraine is in economic melt down, which puts enormous pressure on it already corrupt work force, all sorts of insider shenanigans will occur and basically any Ukraine digital source should be kept way outside the security loop. It will get much worse. Great examples were provided out of China, Russia and the US, the more economic impact felt by the digital class, the far more likely they will corrupt their own systems for money. Never to forget, as budgets tighten, so s

It is your destiny. - Darth Vader

Working...