Hackers behind the Petya ransomware attack that compromised Ukraine's power grid, its central bank and two postal services, used a tax filing software to spread the germ with devastating effect, say experts.
The affected tax filing software is installed on Ukrainian government computers and is also used by thousands of businesses for tax filing purposes.
The Petya malware attack, unlike WannaCry, didn't just encrypt files stored in computers but systematically destroyed large networks owned and run by the Ukrainian government and it's allied agencies which included the country's central bank.
The malware later spread to other countries in Europe as well as to the United States, affecting operations of global firms like Danish shipping company Maersk, Russian oil giant Rosneft, aircraft manufacturer Antonov, US pharmaceutical giant Merck as well as its subsidiary Merck Sharp & Dohme (MSD) in the UK.
“This isn’t about the money. This attack is about disabling how large companies and governments can operate. You get a double whammy of the initial cyber attack and then organizations being forced to shut down their operations,” said Brian Lord, a former deputy director of intelligence and computer operations at Britain’s Government Communications Headquarters to The New York Times.
U.S. based technology company Cisco is presently assisting Ukraine's cyber security authorities in determining the source of the cyber-attack that virtually brought down the country's connected infrastructure this week. According to The New York Times, as many as 1,500 businesses had reported computer intrusions to the police. Ukrainian authorities are convinced that the cyber-attack was sponsored by Russia, even though the source of the attack hasn't been determined as yet.
M.E.Doc, the company that manufactures the tax filing software, is also cooperating with the Ukrainian police on the investigation. The software is based on the Windows operating system but Microsoft has said that it “now has evidence that a few active infections of the ransomware initially started from the legitimate M.E.Doc updater process.”
“War in cyberspace, seeding fear and horror among millions of personal computer users, and inflicting direct material damage from destabilizing the work of businesses and the state, is just one part of the hybrid war of the Russian empire against Ukraine,” said Ukrainian member of Parliament Anton Gerashenko.
"A cyber attack with the ultimate goal of an attempt to destabilize the situation in the economy and public consciousness of Ukraine was disguised as an attempt to extort money from computer owners," he added.
Gerashenko added that the cyber-attack had destabilised operations in banks, media organisations, communication facilities, transport, telecommunications, and energy departments. Among the hardest hit were Ukr telecom, Dniproenergo, Ukrzaliznytsia, Boryspil Airports, and the Cabinet of Ministers of Ukraine.